Professional Documents
Culture Documents
This document has been compiled and published using product descriptions and specifications available at
the time of publication. The contents of this document and the specifications of the products discussed
herein are subject to change without notice. Motorola Solutions Inc. reserves the right to make any such
changes without notice. Neither Motorola Solutions Inc. nor any of its affiliated companies: (1) guarantees the
completeness or accuracy of the information contained in this document; or (2) is responsible for your use of,
or reliance on, the information. Motorola Solutions Inc. shall not be responsible for any losses or damages
(including consequential damages) caused by reliance on the information presented herein.
PDF-ACM-ADM-6.38.0-A
Revision: 1 - EN
20221116
2
Revisions
Revisions 3
Table of Contents
Revisions 3
Introduction 23
Logging In 23
Initial Setup 24
Accepting the End User License Agreement 24
Upgrading Your License Format 24
Adding a License 25
Online Licensing 25
Offline Licensing 25
Changing the Administrator Password 26
Creating a Super Admin Identity 26
Monitoring 28
Monitoring Events 28
Pause/Resume Events 29
Clear Events 29
View Live Video 29
View Recorded Video 30
Create Event Notes 30
View Event Notes 31
View Event Instructions 31
View Event Identity Details 31
View Event History 32
Change Events List Settings 32
Reconnect to Events List 32
Searching for Events and Alarms 33
View Camera (Search) 34
View Recorded Video (Search) 34
Create Event Notes (Search) 35
View Event Notes (Search) 35
View Event Instructions (Search) 35
View Event Identity Details (Search) 36
View Event History (Search) 36
Change Transactions List Settings 36
Monitoring Alarms 37
4
Acknowledge Alarms 38
View Live Video (Alarms) 39
View Recorded Video (Alarms) 39
Create Event Notes (Alarms) 39
View Event Notes (Alarms) 40
View Event Instructions (Alarms) 40
View Event Identity Details (Alarms) 41
View Event History (Alarms) 41
Change Alarms List Settings 41
Using the Verification page 42
Verifying Identities at Doors 42
Verification Events List 43
Using the Dashboard 44
Status Colors 46
Appliance Transactions Indicators 47
Device Status 47
Security Status 48
Installing, Uninstalling and Deleting Panels and Subpanels 49
Viewing, Masking and Unmasking Inputs 49
Viewing, Activating and Deactivating Outputs 49
Searching Panel, Subpanel, Input and Door Names 49
Saving Door Filters 50
Controlling Doors 50
Accessing Web Interface of Power Panels 51
Using Map Templates 52
Using a Map 52
Hardware Status 52
Viewing a Map 53
Map Actions 54
Adding Maps 57
Monitoring Bosch Intrusion Panels 57
Monitor Bosch Intrusion Panel Status 57
Monitoring Areas in Bosch Intrusion Systems 58
Viewing Areas 58
Arming Areas 59
Arming Perimeter Areas 59
Disarming Areas 59
5
Silencing Keypad Alarms 59
Clearing Alarms 60
Resetting Sensors 60
Monitor Bosch Intrusion Panel Points 60
Monitor Bosch Intrusion Panel Outputs 61
Monitoring and Controlling DMP Intrusion Systems 61
Viewing Panels, Areas, Zones and Outputs 61
Silencing Keypad Alarms on Panels 62
Resetting Sensors on Panels 62
Arming or Disarming Areas 63
Bypassing Zones and Resetting Bypassed Zones 63
Activating and Deactivating Outputs 64
Identities 65
Configuring HID Mobile Access® Credentials 66
Prerequisites 66
Step 1: Connecting to the HID Origo External System 66
Step 2: Enrolling Identities and Issuing Tokens 67
Issuing a Token to an Enrolled Identity on a Registered Mobile Device 67
Registering a New Mobile Device for an Enrolled Identity 68
Searching for HID Origo Tokens 68
Searching for an Identity 68
Adding an Identity 69
Assigning Roles to Identities 71
Assigning Tokens to Identities 71
Assigning Groups to Identities 72
Deleting a Token 72
Capturing and Uploading Photos of an Identity 73
Creating Badges for Identities 77
Timed Access 78
Adding Timed Access to an Identity 79
Editing Timed Access 80
Deleting Timed Access 80
Editing an Identity 80
Token Fields 81
Managing Roles 87
Configuring Roles 87
6
Adding a Role 87
Editing a Role 88
Assigning an Access Group to a Role 89
Assigning Delegations to a Role 89
Assigning Routing Groups to a Role 89
Assigning Roles 90
Deleting a Role 90
Searching for Roles 91
Role Fields 92
Roles - Access Groups page 93
Roles - Delegate page 93
Roles - Routing page 94
Roles - Assign Roles page 94
Roles - Access page 95
Roles - Audit page 95
Configuring Policies 96
Adding a Policy 96
Editing a Policy 97
Deleting a Policy 97
Policies list 97
Policies - Policy Add page 98
Policies - Policy: Add page 98
Policies - Mercury Security page 99
Policies - Input page 102
Policies - Output page 103
Policies - Audit page 104
Configuring Groups 104
Adding a Group 104
Editing a Group 105
Assigning Policies to Groups 105
Assigning Members to Groups 106
Creating a Hardware Group for Routing 106
Using Policies to Override Hardware Settings 107
Performing an Identity Batch Update 108
Performing a Batch Update from the Identity Profiles page 108
Performing a Batch Update from the Groups page 108
Performing an Identity or Template Batch Update 108
7
Scheduling an Identity or Door Batch Update 109
Deleting a Group 109
Groups list 110
Groups - Group Add page 110
Groups - Group Edit page 110
Groups - Policies page 110
Groups - Members page 111
Groups - Audit page 112
Managing Door Access 112
Adding an Access Group 112
Editing an Access Group 113
Deleting an Access Group 114
Access Groups - Example 114
Assigning an Access Group to a Role 115
Searching for Access Groups 115
Access Group Fields 116
Access Groups - Access page 117
Access Groups - Audit page 117
Managing Access in the Application 118
Adding a Delegation 118
Editing a Delegation 119
Adding a Delegation to a Role 119
Deleting a Delegation 119
Delegations list 119
Delegations - Delegation: Edit page 120
Managing a Partitioned ACM System 121
Planning a Partitioned System 122
Configuring a Partitioned ACM System 123
Adding a Partition 124
Editing a Partition 125
Deleting a Partition 125
Partitions - List 125
Partitions - Add page 125
Partitions - Partition Edit page 126
Assigning Partitions to ACM Operators and Entities 126
Routing Events to the Monitor Screen 127
Routing Groups - Introduction 128
8
Adding a Routing Group 128
Editing a Routing Group 129
Assigning a Routing Group to a Role 129
Deleting a Routing Group 130
Routing Groups list 130
Routing Groups - Add page 130
Routing Groups - Schedule page 131
Routing Groups - Event Types page 131
Routing Groups - Groups page 132
Managing Elevator Access 132
Adding an Elevator Access Level 133
Editing an Elevator Access Level 133
Assigning an Elevator Access Level to an Access Group 133
Deleting an Elevator Access Level 134
Elevator Access Levels list 134
Elevator Access Levels - Add page 134
Elevator Access Levels - Elevator Access Level: Edit page 135
Reports 136
Generating Reports 136
Report Preview 136
Editing Reports 137
Editing Audit Log and Transaction Reports 138
Creating Custom Reports 139
Scheduling a Custom Report By Batch Job (Specification) 140
Creating Custom Audit Log and Transaction Reports 141
9
Reader Template: Edit page 153
Input Templates 156
Input Templates list page 157
Input Template: Add page 157
Input Template: Edit page 159
Output Templates 160
Output Templates list page 161
Output Template: Add page 161
Output Template: Edit page 162
Wiring Templates 163
Wiring Templates list page 163
Wiring Template: Add page 164
Wiring Template: Edit page 166
Configuring Panels 167
Searching for Panels 167
Panel Migration 167
Mercury Security EP to LP Panel 167
Adding Panels 168
Configuring the Mercury Security MS Bridge Solution 170
Batch Creating Subpanels on a New Mercury Panel 171
Subpanel: Batch Create page 172
Subpanel: Batch Edit Details page 173
Subpanel: Batch Name Doors or Subpanel: Batch Create Summary page 174
Adding HID VertX® Subpanels 174
Adding Mercury Security Panels 174
Subpanel Fields 174
Subpanel: Batch Add page (VertX®) 175
Editing Panels 176
Editing HID® VertX® Panels 176
Editing Mercury Security Panels 176
177
Panel Card Formats 177
Resetting Anti-Passback from the Panel 177
Downloading Parameters 177
Downloading Tokens 177
Lenel Panel Support 178
Resetting Doors Connected to a Subpanel 178
10
Updating Panel Firmware 179
Updating Panel Time 179
SALTO Panel Status 180
SALTO Panel Configuration 180
Deleting Panels 180
Configuring Subpanels 181
Adding a Subpanel 181
Editing Subpanels 183
Inputs 183
Output Operating Modes 184
Outputs 184
Deleting Subpanels 184
Configuring Locks 185
Supported Devices 185
Configuring ASSA ABLOY™ Aperio® Wireless Lock Technology 186
Configuring Allegion Schlage AD-400 Series Locks 187
Configuring Allegion Schlage LE Series Locks 188
Configuring Allegion Schlage NDE Series Locks 190
Configuring SimonsVoss Wireless Locks 191
Prerequisites 192
Configuring Doors 193
Troubleshooting 195
Door Is Not Online 195
Door Status 195
Macros 195
Adding Macros 196
Editing Macros 196
Deleting Macros 197
Assigning Macros 197
Assigning a Macro to a Trigger 197
Assigning a Macro to a Macro 197
Assigning a Macro to a Door 198
Sorting Macros 198
Triggers 198
Adding Triggers 198
Editing Triggers 199
Deleting Triggers 199
11
Configuring Doors 199
Searching for Doors 200
Advanced Filtering on the Doors List 200
Controlling Doors 201
Adding Doors 202
Adding Simple Macros 211
Editing Doors 211
Doors - Editing VertX® Doors 212
Doors - Editing Mercury Security Doors 212
Deleting Doors 212
Door Modes 213
Access Types 215
Anti-Passback 215
Anti-Passback Modes 215
Setting Up Anti-Passback 217
Two-Person Minimum Occupancy and Single Door Configuration 218
Granting a Free Pass 220
Global Anti-Passback 221
Global Anti-Passback Modes 221
Interlocks 221
Adding Interlocks 222
Editing Interlocks 222
Doors list 222
Adding Doors 225
Doors - VertX® New Parameters page 234
Doors - Mercury Security New Parameters page 236
Doors - Door: Edit Screen 239
Door: Edit page (VertX® ) 239
Parameters tab (VertX® ) 239
Operations tab (VertX®) 242
Hardware tab (VertX®) 244
Reader Edit page (VertX®) 245
Input Edit page (VertX®) 245
Output Edit page (VertX®) 246
Cameras tab (VertX®) 247
Events tab 248
Doors - Creating Local Events for VertX® Doors 249
Access tab (VertX® ) 251
Transactions tab (VertX® ) 251
12
Door: Edit page (Mercury Security) 252
Parameters tab (Mercury Security) 252
Operations tab (Mercury Security) 256
Hardware tab (Mercury Security) 259
Reader Edit page (Mercury Security) 261
Input Edit page (Mercury Security) 263
Output Edit page (Mercury Security) 264
Elev tab (Mercury Security) 265
Cameras tab (Mercury Security) 265
Configuring and Viewing Live Video Stream 267
Overview 267
Configuring Live Video Stream 267
Interlocks tab (Mercury Security Doors) 268
Interlocks Add page 268
Interlock Edit page 269
Events tab 270
Doors - Creating Local Events for Mercury Security Doors 271
Access tab (Mercury Security) 273
Transactions tab (Mercury Security) 274
Doors - Access page 274
Viewing Door Events, Access Groups and Transactions 274
Configuring ACM Verify™ Virtual Doors 276
Adding an ACM Verify Door 276
Parameters tab (Avigilon) 277
Paired Devices 278
Prerequisites for Pairing Devices 278
Precautions for Paired ACM Verify Stations 279
Pairing a Device 279
Using ACM Verify 280
IP/PoE Mode Installation 281
System Overview 281
Supported Devices 282
Step 1: Creating an ENGAGE Site 283
Step 2: Configuring Gateways for IP Wireless Locks 283
Step 3: Configuring IP Wireless Devices 284
Step 4: Configuring Locking Operation 286
Applying Door Commands 287
Door Scheduling By Batch Job (Specification) 288
Viewing Gateway or Offline Wi-Fi Lock Status 288
13
Viewing Door Status and Events 289
Updating Gateway and Offline Wi-Fi Lock Firmware 291
Generating Reports 291
Offline Wi-Fi Mode Installation 292
Supported Devices 292
Step 1: Creating an ENGAGE Site 293
Step 2: Setting Up Communication to Offline Wi-Fi Locks 293
Step 3: Configuring Offline Wi-Fi Lock Operation 294
Viewing Gateway or Offline Wi-Fi Lock Status 295
Updating Lock Firmware 296
Deleting Offline Wi-Fi Locks 297
SALTO Door Installation 298
System Overview 298
Prerequisites 299
SALTO Server Installation and Configuration 299
Understanding SALTO and ACM Door Configuration 300
Escape and Return Mode 301
SALTO Ethernet Encoder Configuration 302
Supported Devices 302
Step 1: Connecting to a SALTO Server 302
Step 2: Configuring the SALTO Server 303
Step 3: Syncing Doors with the SALTO Server 304
Step 4: Installing and Configuring Doors 304
Step 5: Creating Identities and Tokens 306
Using Physical and Mobile Keys 307
Editing Tokens — Update Required and Re-edition Required 307
Canceling Keys 309
Downloading All Tokens 310
ASSA ABLOY™ IP Lock Installation 311
System Overview 311
Prerequisites 312
Supported Devices 313
Step 1: Configuring a Door Service Router for IP Locks 313
Step 2: Syncing Doors with the Door Service Router 314
Step 3: Installing and Configuring Doors 315
Step 4: Configuring Locking Operation 316
Door Scheduling By Batch Job (Specification) 317
14
Configuring Areas 317
Adding Areas 319
Editing Areas 319
Deleting Areas 319
EOL Resistance 319
Adding EOL Resistance for Mercury Input Points 319
Adding EOL Resistance for VertX® Input Points 320
Editing EOL Resistance for Mercury Input Points 320
Editing EOL Resistance for VertX® Input Points 320
Mercury LED Modes - List page 320
Editing LED Modes 321
Restoring to Default States 321
Mercury Security LED Mode Table page 322
LED Modes for Mercury Security 322
Configuring Card Formats 323
Supported Card Formats 323
Corporate Card Mode for Using Facility Codes 324
Issue Level Numbering for Reusing a Card Number 325
Adding Card Formats 326
Editing Card Formats 326
Deleting Card Formats 327
Card Format Fields 327
Configuring ACM System Events 330
Searching for ACM System Events 330
Customizing ACM System Events 331
Assigning Priority Colors to ACM System Events 331
Global Actions 332
Adding Global Actions 333
Adding a Group of Global Actions 333
Editing Global Actions 334
Types of Global Actions 334
Deleting Global Actions 335
Creating Global Actions and Linkages for Bosch Intrusion System 335
Intrusion panel alarm due to an event in the System 335
Disable and enable doors from keypad 335
Disarm Alarm on Access Grant with restricted authorities 336
Creating Global Actions and Linkages for DMP Intrusion System 336
15
Toggle Arming and Disarming Areas 336
Global Linkages - Introduction 337
Adding Global Linkages 337
Editing Global Linkages 337
Mustering 337
Mustering - Requirements 338
Mustering - Creating a Dashboard 338
Mustering - Using the Dashboard 339
Mustering - Manually Moving Identities 341
16
Monitoring Transactional Replication to Hot Standby 365
Configuring Network Connections 365
Configuring Ethernet Ports 365
Adding Ethernet Routes 366
Enabling Serial Ports 366
Backups 367
Backing Up System Data 367
Manually Backing Up Data 368
Restoring Backups 368
Restoring Backups From Other Backup Events 369
Logs 370
Accessing Appliance Logs 370
Software Updates 371
Updating the Appliance Software 371
SSL Certificates Overview 372
Supported Certificate Standards 372
Viewing the SSL Certificate 373
Creating an SSL Certificate 373
Creating a Certificate Signing Request 373
Uploading an SSL Certificate 374
About Appliances page 374
Adding a License 374
Online Licensing 375
Offline Licensing 375
Removing a License 376
Online Licensing 376
Offline Licensing 376
Upgrading Your License Format 377
Viewing the End User License Agreement 378
About Appliances page 378
17
Running a Collaboration 388
Previewing the General Identity Collaboration Log 389
Extracting a CSV Zip File 390
Deleting a Collaboration 391
Assigning an Event Type to a Collaboration 391
18
User Lists - Deleting Items 410
System Settings - Introduction 410
Remote Authentication - Introduction 410
Configuring Remote Authentication Using SSL Certificates 411
About Certificate Pinning 411
Requirements for Using Pinned Certificates 412
Requirements for Using Trusted Certificates 412
Pinning or Trusting Certificates in the ACM System 412
Enabling Remote Authentication for ACM Client Users 413
System Settings - General Fields 414
System Settings - Remote Authentication page 418
System Settings - External Domains list 418
System Settings - External Domains Add page 419
System Settings - External Domain: Edit page 420
System Settings - Certificates list 421
Certificate Upload page 422
Badge Templates and the Badge Designer 422
Using the Badge Designer 423
Badge Templates list 428
External Systems Overview 429
Supported External Systems 429
Adding External Systems 430
Editing External Systems 431
Editing an ENGAGE Site 431
Deleting External Systems 431
External Systems - Integrating an ACM Appliance into an ACC™ Site 432
External Systems - Defining the Badge Camera for the System 434
External Systems - ViRDI 435
External Systems - ViRDI System Settings 435
Bosch Intrusion Panels 436
Integrating the ACM System with Bosch Intrusion Panels 436
Adding a Bosch Intrusion Panel 438
Editing a Bosch Intrusion Panel 438
Viewing Auto-Synced Bosch Intrusion Panels 439
Deleting a Bosch Intrusion Panel 439
Viewing Bosch Intrusion Panel Areas 440
Viewing Bosch Intrusion Panel Points 440
19
Viewing Bosch Intrusion Panel Outputs 440
Viewing Bosch Intrusion Panel Users 441
Assigning Bosch Intrusion Panel Users to Identities 441
Supported Bosch Intrusion Panels 442
DMP Intrusion Panel Installation 445
System Overview 445
Prerequisites 446
Remote Link Software Configuration 446
A.C. Power Failure Notification 447
Panel Encryption 447
Remote Key 447
Supported Devices 447
Step 1: Connecting to a DMP Intrusion Panel 447
Deleting a DMP Intrusion Panel 448
Step 2: Viewing an Installed DMP Intrusion Panel and its Areas, Zones, Outputs and Users 449
Step 3: Assigning DMP Intrusion Users to Identities 449
Generating Reports 449
Enabling Debug Logs 450
Maps - Introduction 450
Maps - Creating and Editing a Map 450
Maps - Linking Maps 451
Using a Map 452
Hardware Status 453
Viewing a Map 453
Map Actions 455
20
Overriding Door Modes and Schedules 472
Adding an Override 472
Accessing the List of Overrides 474
Monitoring Overrides 474
Modifying and Deleting Overrides 474
Modifying an Override 475
Troubleshooting 515
Events 515
Appliance Events 515
Door Events 516
Control Lock Events 520
RU and RM Device Events 520
Intrusion Events 521
DMP Intrusion Events 521
DMP Intrusion Area 521
DMP Intrusion Output 522
DMP Intrusion Panel 522
DMP Intrusion User 524
DMP Intrusion Zone 525
Panel Events 526
SALTO Key Events 527
Subpanel Events 527
System Events 527
Enabling Debug Logs 528
21
Prerequisites 529
Enabling FIPS 140-2 Encryption on ACM Appliances 529
Enabling Large Encoded Card Format and Embedded Authorization on Panels 530
Updating Firmware 531
Adding Doors 531
Adding Reader Templates 531
Assigning Large Encoded Formats to Panels 532
Viewing Identities and Tokens 532
Monitoring Events 532
Glossary 533
22
Introduction
This guide provides an overview of the Admin role as defined in the Avigilon Access Control Manager (ACM)
software. This guide is meant to be used and referred to by those assigned the role of an Admin within the
ACM software.
The Admin role oversees the ACM system. They are responsible for monitoring and maintaining the ACM
system. For more information, see Permissions and Rights on page 486.
Note: This guide does not define the role of an Admin on all sites. Please contact your System
Administrator for more details.
Logging In
You can log in to the ACM system from any web browser that has access to the same network.
Note: If you are logging in to the ACM application for the first time, the default password for
the admin username must be changed. In addition, if you are performing a system upgrade,
the default password for the admin username must be changed if it was not changed
previously.
Tip: To change your password after initial installation, see Changing the Password in My
Account on page 477 and Changing the Administrator Password on page 26. For information
about the Password Strength Enforced field, see Password Strength Enforced on page 417.
Introduction 23
Initial Setup
After installing your ACM appliance, complete the following recommended setup procedures:
Note: If your system is licensed for more than the maximum number of readers, you will not be
eligible for an upgrade license. You can continue using your existing system, or contact sales to add
more features.
If you do not upgrade your license format, you can continue to use your existing features. However, you will
not be able to license new features.
Important: If you use the replication and failover features of the ACM system and you choose to
upgrade the license format you must upgrade the license format on both the primary and standby
ACM appliances. Replication features, including failover, will not function if the license format is not
the same on both appliances. Complete the following steps on both appliances.
Initial Setup 24
4. After you receive the Activation IDs, follow the procedure in Adding a License on page 374. You will
only need to enter one of the Activation IDs to automatically license the system for all features your
device is entitled to.
Adding a License
When you first install an ACM 6 system, you will need to license the system to use its features. Add additional
licenses to access new features as required.
Online Licensing
If you have Internet access, use online activation. Otherwise, see Offline Licensing below.
Offline Licensing
Offline licensing involves transferring files between a computer running the ACM system and a computer with
Internet access.
In the ACM system:
Adding a License 25
1. Go to activate.avigilon.com.
2. Click Choose File and select the .key file.
3. Click Upload.
Important: When reactivating a site cluster, upload all the deactivation .key files first and
then the single activation .key file at last.
5. Click .
If you are currently logged in with the admin identity, you are automatically logged out. Log in again using
the new password, or use a different Super Admin identity.
7. In the Roles tab, select Super Admin from the Available list and click to assign the new identity
to the Super Admin role.
8. Click .
Only these settings are required to create a Super Admin identity. You can add and configure more details for
the account.
Note: If you do not have the correct delegations, you may not be able to access some of the
following pages. See your System Administrator for details.
Monitoring Events
Events are defined as any activity that is reported between the ACM appliance and the hardware it oversees.
An event includes all alarms, but not all events are alarms. Events can include changes in configuration, a
report on door access, adding a new badge holder to the system, and more. In other words, any transfer of
data within the system is an event.
Note: Some of the buttons are disabled until you select an event that includes the relevant details.
l Pause button — Pauses the flow of events that are displayed on the page.
The flow of events does not actually stop, the system simply pauses the display of live updates until
you click Resume.
l Resume button — Restarts the flow of events that are displayed on the page.
This button only appears when the flow of events is paused.
l Clear button — Temporarily clear all events from the screen. New events automatically begin to
populate the list. To restore the cleared events, refresh the page.
l Live Video button — Displays live video that is associated with the selected event.
l Recorded Video button — Displays recorded video that is associated with the selected event.
l Notes button — Enter a new note or displays any previously saved notes for the selected event.
l Instructions button — Displays any instructions that should be completed when the event occurs. The
instructions were added when the event was created.
l Identity button — Displays details about the person that triggered the selected event.
Monitoring 28
l History button — Displays a detailed history of this event.
l Save Settings button — Saves your current settings for this page. For example, the columns and order
for this page.
l Select Columns button — Choose the information that you want displayed.
Check the box for each column that you want to see, and clear the box for each column that you want
hidden.
Click and drag the columns to move them into the order you want.
l Reconnect button — Reconnects to the appliance.
This button only appears if your browser has become disconnected from the appliance and an error is
displayed.
Pause/Resume Events
The display of live event updates can be paused. This allows you to view and investigate a specific event
without having to search for it. Once the event has been reviewed, the display of live event updates can be
resumed.
1. Click Monitor to access the Monitor Events page. For more detail see Monitoring Events on the
previous page.
2. Click Pause to pause the flow of events that are displayed on the page.
The flow of events does not actually stop, the system simply pauses the display of live updates until
you click Resume (this button only appears when the flow of events is paused).
3. Click Resume to restart the flow of events that are displayed on the page.
The list of events will resume updating.
Clear Events
Follow the steps below to clear all displayed events.
Note: This does not delete the events, it just removes the existing events from the view. To
restore the cleared events, refresh the page.
Pause/Resume Events 29
Follow the steps below to view live video.
1. Click Monitor. The Monitor Events page displays (for more information, see Monitoring Events on
page 28).
2. Select an event from the list.
Only events or alarms with an icon will have video.
3. Click Live Video to display live video that is associated with the selected event. (This button only
displays if video is available for this event.)
The Monitor Screen - Live Video window displays. View the live video in this window.
If the window does not display any video in the image panel, you may need to change your browser
settings to allow the display of insecure or mixed content. For more information, see the Help files for
your browser.
1. Click Monitor. The Monitor Events page displays (for more information, see Monitoring Events on
page 28).
2. Select an event from the list.
1. Click Monitor to access the Monitor Events page (for more information, see Monitoring Events on
page 28).
2. Select the event that you want to view notes for. (Events with notes will display with in the Icon
column.)
3. Click Notes to view notes for the selected event. (Alternatively clicking will do the same thing.)
The Monitor Screen - Notes Window will display. Existing notes will display as a list below the New
Note section. The date, Operator and note will display in this list.
Follow the steps below to view event instructions. The instructions were added when the event was created.
1. Click Monitor to access the Monitor Events page (for more information, see Monitoring Events on
page 28).
2. Select the event that you want to view instructions for. (Events with instructions will display with in
the Icon column.)
3. Click Instructions to view instructions for the selected event.
The Monitor Screen - Instructions Window will display. View the instructions in the table that displays.
4. Close the window to return to the Monitor Events page.
1. Click Monitor to access the Monitor Events page (for more information, see Monitoring Events on
page 28).
2. Select the event that you want to view history for.
3. Click History to view history for the selected event.
The Monitor Screen - History Window will display.
4. View the history details.
5. Close the window to return to the Events list.
Searching for specific events allows you to easily find an event in the system. For example, searching for
events can be used in situations where more information is needed on an event thought to be unusual or
suspicious. Once an event has been found, information such as recorded video, or notes can be viewed.
3. From the first drop down list, select the data type that you want to search. The options are:
l Panel Date
l Last Name
l Card Number
l Message
l Event Name
l Event Type
l Source
4. From the second drop down list, select the appropriate argument for your search. The available
arguments change depending on the selected data type. An argument may require you to make a
selection, specify a date, or enter some text.
6. If you want to narrow your search further, click to add another search filter.
7. Add as many search filters as you need to fulfill your search criteria.
8. When you have entered all your search criteria, click Search. The search results are listed in the
table above the search area.
9. Select any transaction from the search result and use the action buttons at the top of the page to see
the details of the event.
Follow the steps below to view live video from a camera from the Events Search (Transactions) page.
Only events or alarms with an icon will have video. The icons are not displayed by default. For more
information, see Change Transactions List Settings on page 36.
3. Click Camera to display live video that is associated with the selected event.
4. View the live video in this window.
If the window does not display any video in the image panel, you may need to change your browser
settings to allow the display of insecure or mixed content. For more information, see the Help files for
your browser.
Follow the steps below to view live video from the Events Search (Transactions) page.
Only events or alarms with an icon will have video. The icons are not displayed by default. For more
information, see Change Transactions List Settings on page 36.
Note: An event with recorded video associated with it may display an error message if the
recorded video is no longer available on the video recorder.
Follow the steps below to create event notes from the Events Search (Transactions) page.
Follow the steps below to view event notes from the Events Search (Transactions) page.
Follow the steps below to view event instructions from the Events Search (Transactions) page. The
instructions were added when the event was created.
For example, if you want to search this list to see if an event occurred on a door that has a camera associated
with it, add the icons column. This column displays a next to any event from a door that has a camera
associated with it.
Follow the steps below to change the settings of the events list.
Monitoring Alarms
Alarms that occur in the system are listed in the Monitor Alarms page as they occur (accessed through
selecting Monitor > Alarms).
An alarm occurs when the system senses an unusual event such as a forced or held door. Each alarm needs
to be reviewed and responded to. Information on the alarm can be viewed, along with any available video.
After an alarm has been acknowledged, it is moved to the list of acknowledged alarms. This list allows users
to view past alarms and clear them from the system.
To review and acknowledge alarms, select one or more alarms from the Unacknowledged Alarms list then
click one of the following buttons:
Note: Some of the buttons are disabled until you select an event that includes the relevant details.
l Acknowledge — Click this button to acknowledge one or more selected alarms. The selected alarms
are moved to the Acknowledged Alarms list.
l Acknowledge All — Click this button to acknowledge all alarms that are currently active and
unacknowledged.
l Live Video — Click this button to display live video associated with the selected alarm.
l Recorded Video — Click this button to display recorded video associated with the selected alarm.
l Notes — Click this button to enter a new note or display any previously saved notes for the selected
event.
l Instructions — Click this button to display any instructions that should be completed when the alarm
occurs. The instructions were added when the event was created.
l Identity — Click this button to display details about the person that triggered the selected alarm.
Monitoring Alarms 37
l History — Click this button to display a detailed history of this alarm.
l Save Settings — Click this button to save your current settings for this page. For example, the columns
and order for this page.
l Sound Off — Click this button to mute any alarm noises on the device used to monitor Alarms.
When sound is muted, the button changes to Sound On. Click this button to turn the sound back on.
l Select Columns — Click this button then choose the information that you want displayed.
Check the box for each column that you want to see, and clear the box for each column that you want
hidden.
After an alarm has been acknowledged, the alarm is added to the Acknowledged Alarms list. You can clear
the alarms from the list as needed.
Note: Some of the buttons are disabled until you select an event that includes the relevant details.
l Clear — Click this button to clear one or more acknowledged alarms from the list.
l Clear All — Click this button to clear all alarms from the Acknowledged Alarms list.
l Select Columns — Click this button then choose the information that you want displayed.
Check the box for each column that you want to see, and clear the box for each column that you want
hidden.
Acknowledge Alarms
When an alarm occurs in the system, an action must be taken. Once the alarm is resolved, it must be
acknowledged. This tells the other users of the system that the alarm has been dealt with and is not a
problem.
Acknowledge Alarms 38
View Live Video (Alarms)
Live video that is associated with a selected alarm can be displayed from the Monitoring Alarms page. For
example, if an alarm occurs, the live video can be viewed to observe the alarm and determine if any actions
need to be taken.
Follow the steps below to view live video from the Monitor Alarms page.
1. Click Monitor > Alarms. For more information see Monitoring Alarms on page 37.
2. Select an alarm from the list.
Only events or alarms with an icon will have video.
3. Click Live Video to display live video that is associated with the selected alarm. This button only
displays if video is available for this alarm.
The Monitor Screen - Live Video window displays. View the live video in this window.
If the window does not display any video in the image panel, you may need to change your browser
settings to allow the display of insecure or mixed content. For more information, see the Help files for
your browser.
Follow the steps below to view recorded video from the Monitor Alarms list.
1. Click Monitor > Alarms. The Monitor Alarms page displays (for more information see Monitoring
Alarms on page 37).
2. Select an event from the list.
Follow the steps below to create event notes from the Monitor Alarms page.
Follow the steps below to view event notes from the Monitor Alarms page.
1. Click Monitor > Alarms. The Monitor Alarms page displays. For more information see Monitoring
Alarms on page 37.
2. Select the event that you want to view notes for. Events with notes will display with in the Icon
column.
3. Click Notes to view notes for the selected event. Alternatively clicking will do the same thing.
The Monitor Screen - Notes Window will display. Existing notes will display as a list below the New
Note section. The date, Operator and note will display in this list.
4. Close the dialog box to return to the Monitor Alarms page.
Follow the steps below to view event instructions from the Monitor Alarms page. The instructions were added
when the event was created.
1. Click Monitor > Alarms to access the Monitor Alarms page displays. For more information see
Monitoring Alarms on page 37.
2. Select the event that you want to view instructions for. (Events with instructions will display with in
the Icon column.)
1. Click Monitor > Alarms. The Monitor Alarms page displays. For more information see Monitoring
Alarms on page 37.
2. Select the event that you want to view identity details for.
3. Click Identity to view identity details for the selected event.
The Monitor Screen - Identity Window will display.
4. View the details (e.g. Last Name, First Name, Title, etc.).
5. Close the window to return to the Monitor Alarms page.
1. Click Monitor > Alarms to access the Monitor Alarms page. For more information see Monitoring
Alarms on page 37.
2. Select the event that you want to view history for.
3. Click History to view history for the selected event.
The Monitor Screen - History Window will display.
4. View the history details.
5. Close the window to return to the Monitor Alarms page.
1. Click Monitor > Alarms to access the Monitor Alarms page. For more information see Monitoring
Alarms on page 37.
The list displays in date order, with the most recent events at the top of the list.
2. If you want to re-sort the order of the list:
l Click in the heading of the column to sort by (e.g. Priority). The list will sort in ascending order
based on that column (e.g. ascending order of priority).
l To change the sort order to descending, click the column heading again.
3. If you want to re-sort the order of the columns, click on the column you want to move then drag and
drop this to it's new location.
Note: To reset default settings, select > Clear Custom Layouts. This resets all customized lists
to their default setting.
This page allows a qualified operator to review information, including photos, about card holders entering or
exiting specific doors.
The page is divided into two halves - the top Doors section and the bottom Events section.
l At the top of the page are four door panes that allow you to select and monitor four doors at a time.
After you select a door to a pane, you can monitor live event transactions as they occur at that door.
l Underneath the door panes is a list of live door transactions displayed like the Events page.
Not all door events will display in this list. Only events in the priority number range 300 to 700 display.
A full listing of all events is available on the Monitor Events page.
1. Click Monitor > Verification. The Verification page displays. For more information see Using the
Verification page on the previous page.
This page has two sections - doors and an events list. For more information on the doors display see
Verifying Identities at Doors on the previous page. The events list displays in date order, with the most
recent events at the top of the list.
Note: Not all door events will display in this list. Only events in the priority number range 300
to 700 display. A full listing of all events is available on the Monitor Events page.
2. If you want to clear a single event from the list, select the event and click Clear. To clear all events,
click Clear all.
3. If you want to re-sort the order of the list:
l Click in the heading of the column to sort by (e.g. Priority). The list will sort in ascending order
based on that column (e.g. ascending order of priority).
l To change the sort order to descending, click the column heading again.
Note: Saving the settings only saves the column configuration. The doors selected for
verification will need to be selected each time you return to the page.
Note: To reset default settings, select > Clear Custom Layouts. This resets all customized lists
to their default setting.
Select Monitor > Dashboard for a top-level view of the Dashboard where you can drill down for details.
From the Panels table, you can access a list of subpanels in the
Subpanels table. From the Subpanels table, you can access a list of
inputs and outputs in the Inputs and Outputs tables.
From the Inputs and Outputs tables, you can directly access the list of
inputs and outputs.
From the Doors table, you can control individual doors, investigate doors
with active faults, and see more information about the state of individual
doors.
3 Panels Displays a summary of the fault state of the installed panels. Click the
number next to the fault to drill down to the details of the fault in the
Panels table, which is filtered to display only the panels with that fault.
4 Subpanels Displays a summary of the fault state of the installed subpanels. Click the
number next to the fault to drill down to the details of the fault in the
Subpanels table, which is filtered to display only subpanels with that fault.
5 Inputs Displays the total number of inputs in each state. Click the number next
to the state to drill down to the Inputs table, which is filtered to display
only inputs with that state.
6 Outputs Displays the total number outputs in each state. Click the number next to
the state to drill down to the Outputs table, which is filtered to display
only inputs with that state.
7 Doors Displays the summary of the fault state of the installed doors. Click the
number next to the fault to drill down to the Doors table, which is filtered
to display only alarms with that fault.
8 Appliances When no issues occur in the ACM appliance items, their status is green.
Hover the mouse over each status indicator to see more details. For
example, "RAM free 45%" displays for the RAM status.
Status Colors
Status colors identify the health of the different devices in the system. The status colors represent the
following states:
Status Colors 46
Color Status Description
Trouble Indeterminate or offline status of inputs, outputs, panels or subpanels, and the
ACM appliance. Inputs or outputs may be operating in a wiring fault state.
Alarm Alarm condition. An ACM operator should investigate the problem and resolve the
issue.
Masked Input is currently masked. Its actual state is not displayed. Masked inputs are
intended to change as part of normal operations, so that they are not constantly
being reported.
Normal The appliance transactions stored in the system are less than 85% of the
maximum stored transactions threshold.
Trouble The appliance transactions stored in the system are between 85% - 95% of the
maximum stored transactions threshold.
Alarm The appliance transactions stored in the system are over 95% of the maximum
stored transactions threshold.
Tip: When the transactions are close to exceeding the maximum stored transactions threshold, do
the following:
Device Status
Panels, Subpanels, Inputs, Outputs and Doors only.
Communication Communication between the panel, subpanel or door, and the ACM
system is enabled.
Synchronization Synchronization between the door and the ACM system is pending.
Synchronization Synchronization between the door and the ACM system is out of sync.
Security Status
To see the legend for device status:
l Click Legend to see the list of statuses and the related icons.
Security Status 48
Icon Status Description
TLS Required The panel is configured to use Transport Layer Security (TLS) protocol to
secure communication with the ACM appliance.
TLS & Certificate The panel is configured to use TLS protocol and a certificate to secure
Required communication with the ACM appliance.
l
Click at the end of a row in the Inputs table to:
o View — Displays the Input: Edit page.
o Mask — Masks the selected input.
o Unmask — Unmasks a previously masked input.
1. Click the name of the panel and subpanel to display the Outputs table.
Controlling Doors
While you are monitoring the system, you may need to override the default door settings to allow a visitor
access to an area, or unlock a door in an emergency situation. From a Doors listing page in Physical
Access or Monitor > Dashboard, use the Door Action, Door Mode, Forced, Held, and Installed drop-down
menus to control doors.
Doors can also be controlled from Monitor > Maps. For more information, see Using a Map on page 452.
Note: Only the Installed options are available for virtual doors installed for use with ACM Verify
readers.
Note: The door actions below are not applicable for Schlage offline Wi-Fi doors or SALTO
standalone doors. Only Grant is applicable for Schlage Control™ locks. Only Unlock and
Locked No Access are applicable for Von Duprin remote undogging (RU) devices. Locked No
Access and Disable are not applicable for ASSA ABLOY battery-powered and external-
powered doors.
l
The (installed) or (uninstalled) status of the panel is read-only and cannot be changed.
l Click a command:
o Status — Displays the current status of the LifeSafety panel.
o Log — Displays the log of events and alarms recorded by the LifeSafety panel.
o Edit — Displays the browser page for the remotely connected panel. Edit the configuration as
required.
Feature Description
Add Map Click this button to add a new map template.
Template
Name The name of the map template.
A list of all the configured maps is displayed. Also included in the list are configured
Mustering dashboards.
Click the name of the map template to display the configured map or dashboard.
Using a Map
Access a map of your site, facility or floor plan from the Monitor page to do any of the following:
l Monitor the status of doors, panels, subpanels, inputs and outputs that are installed. For example, a
mustering station on the third floor of a building.
l Set the door mode and door commands on the map.
Note: Unlike the Physical Access > Doors or Monitor > Dashboard page which displays
all modes and commands regardless of door type, the Monitor > Maps page displays only
the modes and commands that are supported by your door or device.
l Keep track of identities as they arrive at muster stations from the Mustering dashboard.
Hardware Status
The following indicators are displayed on the map as events occur:
Viewing a Map
To access and monitor your site from a map:
Viewing a Map 53
Note: Fields in this list are dependent on the door or device. Some commands or fields are
not supported for all doors or devices.
Icon Description
Doors
Panels
Subpanels
Inputs
Outputs
Cameras
Zoom In
Zoom Out
Global Actions
Map Actions
The actions you can complete on a map are determined by the permissions of your assigned roles.
To... Do this...
Review The colored bar below each item displays an overview of the current
hardware status communication and power status.
l Click the icon on the map to display the control menu.
For more information about the colored hardware status bar, see the specific
hardware status page. For more information about the status colors, see Status
Colors on page 46.
Review an alarm If you see a red alarm indicator, the item on the map is in an alarm state.
l Click the alarm indicator to see the status details.
For more information about alarm actions, see Monitoring Alarms on page 37.
Modify or delete If you see solid blue disk indicator, an active override is in effect on the door. If
an override you see a hollow blue disk indicator, an inactive override is defined.
l Click the indicator to open the Doors: Overrides page to see details.
Map Actions 54
To... Do this...
Respond to a If you see a red bounding box around the status indicator, the door is in Priority
priority situation Mode.
Control a door Click on the map to display the control menu for the selected door.
Note: Fields in this list are dependent on the door or device. Some
commands or fields are not supported for all doors or devices.
Use the menu options to set the Door Mode. For more information, see Door
Modes on page 213.
Use the following menu options to mask or unmask alarms:
l Mask Held — Mask the Door Held Open Alarm.
l Unmask Held — Unmask the Door Held Open Alarm.
l Mask Forced — Mask the Door Forced Open Alarm.
l Unmask Forced — Unmask the Door Forced Open Alarm.
To view live video, recorded video, notes, instructions, identities, and history
click Trace to display the event transactions for the door.
To hide the control menu, click the icon again.
Map Actions 55
To... Do this...
Control a panel Click on the map to display the panel control menu, then for the panel or
or subpanel subpanel use these options:
l Panels
o Download Params — Download the latest system configurations
to the panel.
o Tokens — Download the tokens to the panel.
o Reset/Download — Reset and download the current system
configuration to the panel.
o APB Reset — Resets all panel and area counts to zero.
o Clock — Re-sync the panel time.
o Trace — Display the event transactions for the panel.
l Subpanels
o Trace — Display the event transactions for the subpanel.
Viewing live video, recorded video, notes, instructions, identities, and history can
be performed on the event transactions.
To hide the control menu, click the icon again.
Control an input Click the on the map to display the input control men for the input.
Use these options to mask or unmask the input:
l Mask — Mask the input.
l Unmask — Unmask the input.
To hide the control menu, click the icon again.
Control an Click the on the map to display the output control menu for the output.
output
Use these options to initiate output actions:
l On — Activate the output.
l Off — Deactivate the output.
l Pulse — Pulse the output.
To hide the control menu, click the icon again.
Display video Click the on the map to display the Camera Video window.
Map Actions 56
To... Do this...
Monitor the If there is a Mustering dashboard configured on the map, it may appear as a line
dashboard of text or as a shape with text inside.
The dashboard displays the number of identities in the area and may include the
name of the area. In Example map of a muster station on the third floor on
page 53, the dashboard is the gray square.
Click the dashboard to see a list of all the identities that are in the area. Click
outside the pop-up dialog to hide the identities list. Click the First Name or Last
Name to view the identity.
Adding Maps
Follow the steps below to add maps.
1. Click Monitor > Maps. The Map Templates (Monitor) list displays.
2. Click Add Map Template.
The Map Template: Add page displays.
3. Enter a name for the Map in the Name field.
4. To:
l Upload a file, select File and click Browse then select the file to upload in the Choose File to
Upload dialog box and click Open.
l Create a blank canvas, select Blank Canvas.
5. To resize the image, enter resizing proportions in the Re-size To fields.
Adding Maps 57
1. Select Monitor > Bosch Intrusion Status.
2. View the list that displays.
The following statuses display for panels:
l Communications
l Battery
l Power
l Tamper
l Phone Line
The following statuses apply to all of the above:
Online
Alarm
Trouble
Note: To view more detail on the status, hover over the status icon to view a pop-up message
(e.g. hovering over an Alarm status indicator in the Comm column might return the message
'Not connected, verify configured IP and port').
3. If you want to narrow the list that displays use the filter function. Enter a panel name to filter the list
results by panel. Type in the name (or part of the name) of the panel and the list will update as you
type.
4. If you want to sort the list, click to sort in ascending order, or to sort in descending order in each
column.
Note: If displays on the Areas tab, it indicates at least one of the areas is in alarm.
Viewing Areas
To monitor the areas of all connected intrusion panels and send commands to them:
Armed
Ready to Arm
Partial Arm
Trouble
Alarm
Note: To view more detail on the status, hover your mouse over the status icon to view a
tooltip. For example, hovering over an Armed status indicator displays 'All On Instant Arm'.
Arming Areas
1. Select the areas to be armed.
2. Click Primary and select the arming option.
o Instant Arm - Arm all points for the selected areas instantly.
o Delay Arm - Arm all points for the selected areas with an entry/exit delay.
o Force Instant Arm - Arm all points for the selected areas instantly, regardless of their current
state.
o Force Delay Arm - Arm all points for the selected areas with an entry/exit delay, regardless of
their current state.
Disarming Areas
1. Select the areas to be disarmed.
2. Click Disarm.
Arming Areas 59
Clearing Alarms
1. Select the areas that are in alarm.
2. Click Clear Alarms.
Resetting Sensors
1. Select the areas.
2. Click Reset Sensors.
The reset time is 5 seconds. During the reset time, alarms from the points associated with the selected
areas will be ignored.
Normal
Faulted
Bypassed
Trouble
Note: To view more detail on the status, hover over the status icon to view a pop-up message
(e.g. hovering over an Bypassed status indicator might return the messages such as 'Open',
'Missing' or 'Normal').
Clearing Alarms 60
Note: Some points in the system may not be bypassed due to configuration settings. Trying to
bypass these points will result in no state change.
Inactive
Active
Trouble
4. If you want to narrow the list that displays, either:
l Use the filter function. Enter an output name to filter the list results by output. Type in the name
(or part of the name) of the output, or panel and the list will update as you type.
l Select a single status (e.g. Active) to view.
5. If you want to sort the list, click to sort in ascending order, or to sort in descending order in each
column.
6. If you want to activate or deactivate an output:
l Select the outputs in the list, and
l Click either the Activate or Deactivate button.
Note: is displayed when at least one of the objects in the tab is in Critical or Unknown condition.
Tip: Hover your mouse over the status box to view a tooltip.
Physical access to the site allows a user to access areas and doors. Access to the ACM system allows users
to manage the site, such as adding users or monitoring events.
For a user to have access to the system or physical access to the site, they must have an identity.
l If the user requires access to the system, they are issued a login and password. This allows the user to
access areas of the system. The areas of the system the user has access to depends on their role.
l If a user requires physical access to the site, they are issued a token. The token gives the user physical
access to the site. This allows the user to access areas on the site. The areas the user has access to
depends on their role in the system.
Note: If you do not have the correct delegations, you may not be able to access some of the
following pages. See your System Administrator for details.
Identities 65
Configuring HID Mobile Access® Credentials
Before you can issue HID Origo tokens, you must configure HID Origo. For more information, see:
l Prerequisites below
l Step 1: Connecting to the HID Origo External System below
l Step 2: Enrolling Identities and Issuing Tokens on the next page
Prerequisites
You need access to HID Origo configuration information in the HID Origo Management Portal.
Note: Before you begin, obtain the Organization ID and user account information from the HID Origo
Management Portal.
Important: Connecting more than one ACM system to the same HID Origo account is not
recommended.
After the connection is saved, see Step 2: Enrolling Identities and Issuing Tokens below.
Note: Before you begin, configure the Enroll Settings section in the HID Origo Management Portal.
1. Select Identities > Identities and click Search to select an identity already created.
If you need to add an identity, see Adding an Identity on page 69.
If you need to add a role, see Adding an Access Group on page 112 and Assigning an Access Group to
a Role on page 115.
2. Click the Tokens tab and enter:
Token Type HID Origo
Mobile ID Type The mobile ID to be issued to the registered device.
For other field descriptions, see Token Fields on page 81.
Note: Identities using SALTO devices only. First Name and Last Name are required. Identities
using HID Origo tokens only. First Name, Last Name and Email Address are required to enroll
Adding an Identity
A person with an identity record in ACM can be issued a badge to enter the physical site. A user of the ACM
software can be issued a login and password.
1. Select Identities.
2. Click Add Identity.
If Identity Profiles are configured, select the profile for the identity and click OK. The Identity Add page
appears with the details of the identity profile. Otherwise, click Cancel.
3. Fill out the Last Name field and the required details.
Note: Additional fields can be added using the User Forms or User Lists feature. Identities
Adding an Identity 69
using SALTO devices only. First Name and Last Name are required. Identities using HID Origo
tokens only. First Name, Last Name and Email Address are required to enroll the identity in
HID Origo.
4. Click Save.
5. Assign roles to the identity as required on the Roles tab and click .
Tip: Use Shift + Click to select items in sequence. Use Ctrl + Click to select individual items.
Note: The labels of the built-in tabs, such as Identity and Tokens, may be renamed by your
System Administrator. A custom form or User Defined Tabs with User Defined Fields may be
added at the end of the list.
Adding an Identity 70
Assigning Roles to Identities
A role defines what a user has access to. For identities to have access to the system or physical access to the
site, they must be assigned a role. Each role contains access groups and/or delegations. Access groups allow
a user to have physical access to the site. Delegations allow a user to have access to the system. The user
will be assigned a role depending on their position in the organization.
1. Click Identities.
2. From the Identities Search page, perform a search for an identity.
For more information, see Searching for an Identity on page 68.
3. Click on the name of the identity you want to edit.
4. Select the Roles tab.
5. From the Available list, select all the roles that you want to assign to the user, then click .
The role is added to the Members list to show that it is now assigned.
To remove a role from the user, select the role from the Members list, then click .
Note: You can select multiple items by using the Ctrl or Shift key.
6. Click Save.
To further restrict access, identities can be assigned to specific roles within your site.
Note: If you are assigning HID Origo tokens, see Configuring HID Mobile Access® Credentials
on page 66.
10. Click .
1. Click Identities.
2. From the Identities Search page, perform a search for an identity.
For more information, see Searching for an Identity on page 68.
3. Click on the name of the identity you want to edit.
4. Select the Groups tab.
5. From the Available list, select all the groups that you want to add the user to, then click .
The group is added to the Members list to show that the user is now a member.
To remove a user from a group, select the group from the Members list, then click .
Note: You can select multiple terms by using the Ctrl or Shift key.
6. Click Save.
Deleting a Token
To delete a token:
Note: Using photos taken directly from a mobile phone is not supported. To maintain the aspect ratio
of a photo, you need to download it to your computer and then upload it to the ACM system for
editing, as described below.
Capture or upload photos of a person from the Photos tab on a person's Identity page. Then you can select a
photo from this page to appear on that person's Identity page or printed on an access badge.
Captured photo: A photograph taken by a badge camera connected to your computer and to the ACM
system, and saved in the ACM system. Captured photos are in JPG format.
Uploaded photo: A graphics file in JPG, PNG, or or GIF format that you upload from any location your
computer can access and save in the ACM system. Typically, you would upload a JPG file for access badges.
Note: The Microsoft Edge web browser supports only the uploading of JPG files. Do not attempt to
upload any other file format if you are using the ACM client in the Microsoft Edge web browser.
Photos saved in the ACM system can be cropped, resized, and rotated to meet the standardized
requirements of the badge templates defined in your system.
You can use two types of cameras as a badge camera to capture a photo:
l Local Camera — Any camera connected directly to your computer or built into your computer or
monitor.
l IP-based camera — Any IP-based camera previously connected to your network and added to your
ACM system.
After a photo has been added to the Photos tab of an identity, you can edit the photo to suit the requirements
of your badge templates. Then you can create a badge with that photo. For more information, see Creating
Badges for Identities on page 77.
Capturing a photo
l
From the Identities Search page, click from the Image Capture column.
l From the Identities Search page, click on the name of an identity, select the Photos tab, then
click Capture a Photo.
2. If you are using:
a. A local camera that you have not used before, this page will not appear unless you allow your
web browser to access your camera. The first time you access the Capture page, you are
prompted to allow your browser to access your local camera. Click Allow.
b. An IP-based camera and the camera requires authentication, this page will not appear until you
have entered your login credentials.
Enter a user name and password, then click OK.
The Capture page appears, with the live preview from the camera showing on the right.
3. Click Capture.
The page refreshes to show the captured photo on the left and the live preview on the right.
A cropping overlay is imposed over the photo, The aspect ratio of the overlay is determined by the
values set on the System Settings page for Badge Template Photo Height and Badge Template
Photo Width.
4. Click:
l
Save to save the photo that part of the image highlighted in the cropping overlay is saved.
Cropping the photo using this aspect ratio ensures that the photo will fit exactly into the photo
area on the badge without any distortion.
l
Save and Edit to save the photo and open the photo editing tool, or Save to add the
photo directly to the Photos tab.
5. On the Photos tab, select the Primary checkbox if you want this photo to appear on this person's
6. Click Save.
Uploading a photo
1. From the Identities Search page, click on the name of an identity, select the Photos tab, then click
Upload a Photo.
The screen expands to include more fields.
2. Click Choose File and navigate the directory to find the photo you want to upload.
Click Open to select the photo. You can upload files in JPG, PNG, or GIF format.
3. On the Photos tab, click the Primary checkbox if you want this photo to appear on this person's
Identity page and access badge. If no primary photo is selected, the first photo on the list is used.
4. Click Save.
Editing a photo
You can edit a captured photo when you first save it by clicking Save and Edit. You can edit any saved
photo by clicking on its filename link or thumbnail photo on the Photos tab.
The photo is displayed with a brighter cropping overlay imposed over it. The overlay is preset to the Badge
Photo aspect ratio. This ratio is determined by the values set on the System Settings page for Badge
Template Photo Height and Badge Template Photo Width. Cropping the photo using this aspect ratio
ensures that the photo will fit exactly into the photo area on the badge without any distortion.
Use the mouse in combination with the control buttons under the photo to crop, resize, rotate and flip the
photo. You cannot edit the actual photo, or change its resolution by zooming in and out. The dimensions
shown in the Crop Box options are read-only and cannot be entered directly, but are dynamically updated as
you manipulate the cropping overlay with the mouse.
Click Save.
The Photos tab is displayed with the saved photo.
When you save the photo, that part of the image highlighted in the cropping overlay is saved.
Note: The saved photo replaces the original photo. The original photo cannot be restored.
If you have several photos saved on the Photos tab, the first photo is used on that person's Identity page and
is selected by default for the access badge. To use another photo instead, select the Primary checkbox of
the photo you want.
Deleting a photo
1. Click .
2. Click Save.
Note: Before you can print a badge, you must connect a badge printer to the network and configure
it. For instructions on how to configure your badge printer, refer to the printer's user guide.
1. Click Identities.
2. From the Identities list, click on the name of the identity you want to edit.
3. Select the Badge tab.
4. From the Badge Photo drop down list, select a photo for this badge.
Only the photos that have been previously uploaded or captured for this identity appear in this list.
5. From the Badge Token drop down list, select the token you want to associate with this badge.
Only the tokens that have been previously defined for this user appear in this list.
6. From the Badge Template drop down list, select the badge template that you want to use for this
badge.
Only the badge templates that have been previously defined appear in this list.
Note: When printing the badge, ensure that the Header and Footer settings are turned off or set to
blank.
Timed Access
Timed access allows you to schedule access to a specific set of doors or access groups for one badge-holder
identity. It is useful for providing temporary restricted access to your site for visitors, contractors, temporary
employees, and so on.
Note: All timed access deletions must be done manually. There is no automatic clean-up of timed
access entries.
1. Click Identities.
2. Search for the identity. For more detail refer to Searching for an Identity on page 68.
3. Click on the name of the identity. The Identity: Edit page displays.
4. Click on the Timed Access tab.
Timed Access 78
1. Find the timed access entry for the identity.
2. Click on the Timed Access tab.
3. Complete the fields on the tab. Refer to the guidelines above to select the appropriate timed access
type.
4. Click Add.
The new timed access entry is added to the timed access list. If the timeframe for an entry is currently
active it will display in green. Timeframes for timed access are not checked against schedules. If a
timed access entry is displayed in green but is not working, check any related schedules.
Note: You cannot edit a timed access entry. To change the details of an entry, delete the timed
access entry and add a new one.
Note: All deletions must be done manually. There is no automatic clean-up of timed access entries.
1. Click Identities.
2. Search for the identity. For more information, see Searching for an Identity on page 68.
3. Click the name of the identity.
4. Click the Timed Access tab.
5. Complete the following fields:
l Name
l Type
l Appliance
l Available/Members
1. Click Identities.
2. Search for the identity. For more detail refer to Searching for an Identity on page 68.
3. Click on the name of the identity.
4. Click on the Timed Access tab.
5. View the timed access list.
Note: All deletions must be done manually. There is no automatic clean-up of timed access entries.
Editing an Identity
An identity must be edited when user information changes. For example if a user changes roles, their identity
would need to reflect this. If the role is not updated, the user would not be able to access areas required for
their new role.
Note: The labels of the built-in tabs, such as Identity and Tokens, may be renamed by your
System Administrator. A custom form or User Defined Tabs with User Defined Fields may be
added at the end of the list.
Token Fields
Add or edit a token for an identity on the Token tab in Identities:
Token Type Displays only for ViRDI, PIV and PIV-I, SALTO, and HID Origo tokens:
l Default: For all other types of tokens.
l VIRDI Biometrics: Only if ViRDI system settings have been applied.
l PIV or PIV-I: Only if pivCLASS system settings have been applied. See
Appendix: pivCLASS Configuration on page 529.
l SALTO
l HID Origo
Token Fields 81
Mobile Application Type Displays only for SALTO tokens.
Default is None.
Note: When issuing mobile keys, the encoder requires access to the
internet.
The mobile phone number in international format (plus sign and no spaces).
Example: +12345678910
Note: The mobile app must be installed on the mobile phone of this
phone number.
User ID Displays for ViRDI Biometrics only; read-only field. The ID number for the token
assigned from the range configured when the ViRDI external system was
configured.
Embossed Number The number to be printed on a badge.
Note: Duplicate numbers are not allowed in the ACM system. Ensure
the configuration of mobile IDs in HID Origo prevents duplicate
credential numbers.
Token Fields 82
PIN When a PIN is required, the PIN number that the user will be required to enter at
a keypad card reader.
Example: If a 3-digit length was configured on the Card Format: Edit page, you
can enter 123 for the issue level of the card.
For more information, see Issue Level Numbering for Reusing a Card Number on
page 325.
Last Area The last area the token gained access to.
SALTO tokens. Click the Download button, which downloads the token to the
SALTO server and door.
Never Expire The token never expires.
Extended Door Times A checkbox to give the token extended access time.
Once enabled, the door remains unlocked for a longer period of time than the
standard access time to accommodate users that may require more time to enter
a door.
Standard and extended access times are specified on the Door Edit page.
Token Fields 83
Office Displays for SALTO tokens only.
A checkbox to enable the token to activate Office mode for a door that is
configured for Office mode, which allows the cardholder to leave the lock open.
To use this mode, the cardholder presents the key to the door while pressing
down the inner handle and repeats the procedure to undo the mode.
Set Lockdown Displays for SALTO tokens only.
To use this mode, the cardholder presents the key to the door's inside reader
and repeats the procedure to undo the mode.
Override Privacy Displays for SALTO tokens only.
A checkbox to allow the cardholder to access a door locked from the inside at
any time.
Override Lockdown Displays for SALTO tokens only.
A checkbox to allow the person to access a door closed from the inside during
lockdown state.
Audit Openings Displays for SALTO tokens only.
For example, a key requires revalidation every seven days, if the update period
is set to 7 days. If the key is used on the third day, the update period is reset. If
the key is not used for over seven days, the key becomes invalid.
Pin exempt A checkbox to exempt the token from PIN entry at a keypad card reader.
Token Fields 84
Deactivate Date The deactivation date for the token. Click the field to use the calendar.
In ACM 6.18 and later releases, there is no deactivate date for the token that has
Never Expire enabled.
Last Door The last door the token was used to gain access.
Last Used The last time the token was used to gain access.
1 free pass Displays when editing ViRDI Biometrics tokens only. From the drop-down list,
select a door.
Click 1 free pass to allow the user to enter the door without generating an APB
error.
Sends an invitation email with app download instructions and invitation code in
order that the identity can redeem the issued token.
Note: First Name, Last Name and Email Address are required to enroll
the identity in HID Origo.
Issue Token Displays only for HID Origo tokens. Only applicable after the identity is enrolled.
Save and Enroll Displays only for ViRDI Biometrics tokens. It is active when the Biometric
Enrollment (BE) Manager is running.
Click the button to save your changes and open the BE Manager to enroll and
register the fingerprint for the identity.
Token Fields 85
Click this button to save your changes.
Token Fields 86
Managing Roles
The Roles feature allows you to define the access control permissions and application permissions that are
available in the system. After roles are defined they can be assigned to identities, depending on the type of
access control or application functions they are permitted to have.
Configuring Roles
A role is a container for all the permissions an ACM operator needs in the ACM system to perform a specific
function in the organization. Each role can include access groups, delegations, routing groups, and role-
assignment privileges.
l An access group contains all the doors and elevator access levels that a badge holder needs to
access.
l A delegation is a list of permissions for the functionality within the ACM system that allows an ACM
operator to configure settings and monitor events.
l A routing group allows an ACM operator to monitor specific event types and hardware components.
l Within the role, you can also specify which roles an operator can assign to other people.
After you have defined access groups, delegations, routing groups, and role-assignment privileges, you can
assign them to the appropriate roles, and then assign the roles to identities in the system.
Adding a Role
A Role defines a set of permissions in the ACM application that allow users to perform specific functions.
Note: Define your required access groups, delegations, and routing groups before you configure
roles.
Managing Roles 87
1. Select Roles > Roles.
2. Click Add Role and enter a name for the new role.
Or, click to create a copy of an existing role.
Note: A copy of a child role includes the link to the parent role. A copy of a parent role does
not include any of the child roles.
4. Click Save.
The Role Edit screen is displayed.
5. Select the Access Groups tab to assign access groups to the role.
6. Select the Delegate tab to assign delegations to the role.
7. Select the Routing tab to assign routing groups to the role.
8. Select the Asgn Roles tab to specify role-assignment privileges. Operators with this role can only
assign the specified roles in this list to other people in the system.
9. Select the Access tab to view access groups, doors, and identities associated with this role.
10. Select the Audit tab to view a log of all the changes that have been made to this role.
Editing a Role
To edit an existing role:
1. Click Roles.
2. From the Roles list, click on the role you want to edit.
3. Navigate through the tabbed pages and edit the details as required. The tabbed pages include:
l Role Edit: use this page to edit general settings for the role.
l Access Groups: use this page to assign access groups to the role.
l Delegate: use this page to assign delegations to the role.
l Routing: use this page to assign routing groups to the role.
l Asgn Roles: use this page to specify role-assignment privileges. Operators with this role can
only assign the specified roles in this list to other people in the system.
l Access: use this page to view access groups, doors, and identities associated with this role.
l Audit: use this page to view a log of all the changes that have been made to this role.
Editing a Role 88
Assigning an Access Group to a Role
You must assign an access group to a role to make it effective.
Tip: Use Shift + Click to select items in sequence. Use Ctrl + Click to select individual items.
4. Click Save.
All the people with the role now have the access permissions defined by the access group.
3. From the Available list, select all the delegations that should be part of the role then click .
The delegation is added to the Members list to show that it is now part of the role.
To remove a delegation from the role, select the delegation from the Members list and click .
Tip: You can select multiple terms by using the Ctrl or Shift key and move them with one
click.
4. Click Save.
4. From the Available list, select all the routing groups that should be part of the role, then click .
The routing group is added to the Members list to show that it is now part of the role.
To remove an routing group from the role, select the routing group from the Members list, then click .
Note: You can select multiple terms by using the Ctrl or Shift key.
5. Click Save.
Assigning Roles
The Asgn Roles tab allows you to authorize members of this role to assign specified roles to other users.
1. Click Roles.
2. From the Roles list, click on the role you want to edit.
3. Select the Asgn Roles tab.
4. From the Available list, select all the roles you want to allow members of this role to assign to others,
then click .
The role is added to the Members list.
To remove a role from the list, select the role from the Members list, then click .
Note: You can select multiple terms by using the Ctrl or Shift key.
5. Click Save.
Deleting a Role
To delete an existing role:
Assigning Roles 90
1. Select Roles.
2. From the Roles list, click beside the role that you want to delete.
3. When the confirmation message is displayed, click OK.
1. Select Name, Installed, Default, Start Date or Stop Date in Search Field.
2. Select the search operator in Search Value and type in your search.
3. Optional. To refine your search, click Add Criteria, repeat the above steps, and select the And or Or
search operator (located next to the Search button).
To remove a single criteria row, click Remove. To clear all fields, click Clear Search.
4. Click Search.
The results are displayed.
Name The name of the role.
Click the name to edit the role.
Parent The parent of the role.
Click the name to edit the role.
Child Roles The child roles of the parent role.
Installed The role is currently operational and available to the system, if enabled.
indicates it is disabled.
Click the icon to change the setting.
Default The role is assigned automatically when adding a new identity.
indicates it is disabled.
Click the icon to change the setting.
Note: Changing this setting does not affect any existing identity. It is only
applied when a new identity is created. For example, you can change
these settings to enroll several identities with the same set of roles in a
single session, or use them to define a common set of roles applicable to
all identities.
Start Date The activation date and time for the role. Default is today's date at time of role
creation.
Note: A copy of a child role includes the link to the parent role. A copy of
a parent role does not include any of the child roles.
Role Fields
Add or edit a role on the Roles > Roles page:
Only the roles that have been defined in the system appear in the drop down list.
The child role will inherit all the access permissions defined in the parent role. Also,
you cannot delete a parent role until you delete all its children.
Start Date The activation date and time for the role. Default is today's date at time of role
creation.
Date and time are displayed in the local time of the ACM appliance.
Stop Date The deactivation date and time for the role; for example, 12/31/2037 23:59:59.
To display the field and use the calendar, remove the checkmark in Never Expire
before you click the field. In ACM 6.18 onwards, there is no stop date for the role that
has Never Expire enabled.
Date and time are displayed in the local time of the ACM appliance.
Never Expire The role never expires. For a new role, the setting is enabled by default.
Role Fields 92
Installed The role is currently operational and available to the system, if enabled.
Default The role is assigned automatically when adding a new identity.
Activating this setting does not affect any existing identity. It is only applied when a
new identity is created. You will have to edit existing identities if you want this role
applied to them.
Partitions Displayed for a partitioned ACM appliance only. To restrict operator access to the
item, select one or more partitions. To allow all operators access to the item, do not
select a partition.
Click this button to save your changes.
Feature Description
Available A list of access groups that have been configured in the system.
To assign an access group to this role, select the access group, then click .
Members A list of access groups that have been assigned to this role.
To remove an access group from this role, select the access group, then click .
Click this button to save your changes.
Note: You can select multiple terms by using the Ctrl or Shift key.
To add a delegation to this role, select the delegation from the Available list, then click to
move it to the Members list.
Members A list of delegations that have been assigned to this role.
To remove a delegation from this role, select the delegation from the Members list, then click
to move it to the Available list.
Click this button to save your changes.
Note: You can select multiple terms by using the Ctrl or Shift key.
Feature Description
Available A list of routing groups that have been defined in the system.
To assign a routing group to this role, select the routing group, then click .
Members A list of routing groups that have been assigned to this role.
To remove a routing group from this role, select the routing group, then click .
Click this button to save your changes.
Note: You can select multiple terms by using the Ctrl or Shift key.
Feature Description
Available A list of roles that have been configured in the system.
To allow members of this role to assign a specific role to other identities, select the role, then
click .
Members A list of roles that the user is allowed to assign to others.
To remove a role from this list, select the role, then click .
Click this button to save your changes.
Note: You can select multiple terms by using the Ctrl or Shift key.
Feature Description
Child Roles The child roles of the parent role.
Click + or - beside each role to show or hide the identities that are associated with that role.
Identities The identities that are members of the role.
Parent The parent of the role.
Click + or - beside the parent role to show or hide the access groups and doors that are
assigned to that role.
Access The access groups that are assigned to the role.
Groups
Doors The doors that are assigned to the role.
Feature Description
Date The date and time when this role was modified.
Operator The user that modified this role.
Attribute The specific role detail that was modified.
Configuring Policies
Policies define access regulations for doors, inputs, and outputs. For example, you can specify the number of
allowed PIN attempts at a keypad entry or the length of time a user is allowed to stay in an area. Use policies
to override the settings that have been configured for individual doors, inputs, and outputs.
For doors, you can also define Priority Door policies for high-priority and emergency situations. A Priority
Door Policy replaces the current settings for a group of doors, including settings applied by other door
policies, priority and non-priority global actions, job specifications, and macros.
Priority-enabled policies are intended to support the emergency operating procedures at your site, including
potentially life-threatening situations (such as fires, tornadoes, earthquakes, physical attacks), and hazardous
situations (such as chemical spills, gas leaks, explosions). These policies require special permissions to
configure, and use specific options to operate. For more information, see Priority Situations on page 458 and
Triggering Door Lockdown By Panic Button or Red Card on page 469.
Policies are enabled through the Groups feature. After you have created a policy, you must assign it to a
group of hardware components to make it effective. All users and security devices that are assigned to the
group are affected by the policies that are in the group.
Adding a Policy
To add a new policy:
5. Click Save.
When the page refreshes, the Policy Edit screen is displayed.
Configuring Policies 96
6. Depending on the options you selected on the Policy Add page, this screen may have any of the
following tabbed pages:
l Select the Mercury tab to override settings for doors that are connected to a Mercury Security
panel.
l Select the Input tab to override settings for inputs.
l Select the Output tab to override settings for outputs.
Editing a Policy
To edit an existing policy:
Deleting a Policy
To delete an existing policy:
2. From the Policies Listing page, click beside the policy that you want to delete.
3. When the confirmation message is displayed, click OK.
Policies list
When you select Roles > Policies, the Policies list is displayed. This page lists all the Policies that have been
configured in the system.
Features Description
Name The name of this policy.
Editing a Policy 97
Features Description
Installed
Indicates if this policy is communicating with the appliance. Yes ( ) or No ( ).
Feature Description
Name Enter the name of this policy.
Partitions Displayed for a partitioned ACM appliance only. To restrict operator access to the item, select
one or more partitions. To allow all operators access to the item, do not select a partition.
Installed Check this box to indicate that this policy is currently operational and available to the system.
Door Check this box to affect doors with this policy.
Input Check this box to affect inputs with this policy.
Output Check this box to affect outputs with this policy.
Partitions Displayed for a partitioned ACM appliance only. To restrict operator access to the item, select
one or more partitions. To allow all operators access to the item, do not select a partition.
Click this button to save your changes.
Feature Description
Name Enter the name of this policy.
Partitions Displayed for a partitioned ACM appliance only. To restrict operator access to the item, select
one or more partitions. To allow all operators access to the item, do not select a partition.
Installed Check this box to indicate that this policy is currently operational and available to the system.
CAUTION — If no Door Mode is selected for this policy and you do not select a schedule or select
Never Active and the policy is applied to a group of doors after a non-priority Global Action has been
triggered, the Door Mode is set to Card Only regardless of the higher-priority setting applied by the
Global Action.
Field Description
Priority Click this checkbox to specify this is a Priority Door Policy. This option is only enabled when
the values in the Lock Mode and Custom Schedule options are correctly configured.
The settings in a Priority Door Policy are applied to all Mercury Security doors and panels that
the policy is associated with when it is activated. A Priority Door Policy is intended as a
response to priority situations, such as unpredictable emergencies. For detailed instructions,
see Priority Situations on page 458.
Name Enter the name of this door policy.
Access Type Select the access type for this door policy.
Lock Mode For a wireless door, select the lock mode to be set by this door policy.
Select None if you are configuring a Priority Door Policy. This setting is used with the setting
in the Custom Schedule option to enable the Priority checkbox.
Important: You must select a Door Mode and for every door policy you create. If a
Door Mode is not selected:
Offline Door Select the entry mode used for the door if the door controller is no longer communicating
Mode with the panel. The Offline Door Mode is no longer supported if the door controller is
connected to an LP4502 panel that has replaced an HID VertX panel.
Note: In many cases readers in offline mode require a very simple solution for entry
or exit because of the memory limitations. The recommended Offline Door Mode
option is Locked No Access.
Custom Select an additional door mode that will be active during the time specified in the Custom
mode Schedule field.
Custom Define when the Custom Mode would be active.
Schedule
Select a schedule from the drop down list. Only schedules that have been defined in the
system are listed.
Important: Select 24 Hours Active if you are configuring a Priority Door Policy. This
setting is used with the setting in the Lock Mode option to enable the Priority
checkbox.
APB mode Select the Anti-Passback (APB) mode for this door policy.
Only the areas that have been previously configured in the system appear in this list.
Out of Area Select the area that the user exits by passing through a door.
Only the areas that have been previously configured in the system appear in this list.
PIN timeout Enter the number of seconds that is allowed for a user to enter a PIN before it times out.
For more information on LED modes, see LED Modes for Mercury Security on page 322.
Held pre- Enter the number of seconds a door can be held open before a pre-alarm is issued.
alarm
Instead of generating an alarm, it sends a warning signal to the Access Control Manager
server.
Access time Enter the number of seconds a door remains unlocked after a card has been swiped.
when open
Standard Enter the number of seconds a door remains unlocked after access has been granted.
access time
If the door is not opened within this time, it will automatically lock.
Held open Enter the number of seconds a door can be held open before a Door Held Open event is
generated.
Extended Enter the number of seconds a door remains unlocked after access has been granted to
access token holders with extended access permissions.
This feature is useful for users that may require more time to enter a door.
Extended Enter the number of seconds a door can be held open for users with extended access
held permissions.
This feature is useful for users that may require more time to enter a door.
Strike Mode Select the strike mode.
l Cut short when open — the strike is deactivated when the door opens.
l Full strike time — the strike is deactivated when the strike timer expires.
l Turn off on close — the strike is deactivated when the door closes.
Mask Forced Specify when Forced Door events are masked.
During
Select a schedule from the drop down list. Only schedules that have been defined in the
system are listed.
Mask Held Specify when Door Held Open events are masked.
During
Select a schedule from the drop down list. Only schedules that have been defined in the
system are listed.
Always Mask From the drop down box, select TRUE to mask all Forced Door events.
Forced
Always Mask From the drop down box, select TRUE to mask all Door Held Open events.
Held
Door Processing Attributes
Enable Select TRUE to allow the user to enter their card number digits at the a keypad entry.
cipher mode
Deny duress Select TRUE to deny access to a user that indicates duress at a door.
This feature is useful for circumstances where it is important to know all the details of an
event.
Use shunt Select TRUE to enable the use of shunt relay for this door.
relay
Do not log Select TRUE to disable logging of request-to-exit transactions.
Rex
transactions
Click this button to save your changes.
Create New Click this button to generate a PDF report on this door policy.
Report
Feature Description
Name Enter the name of this input.
Debounce Select the number of units (approximately 16 ms each) allowed for debouncing.
Entry Enter the number of seconds allowed for entry before this input issues an alarm.
Delay
Exit Delay Enter the number of seconds allowed for exit before this input issues an alarm.
For example, if the input point goes into alarm, then restores, it will hold it in that alarm state for
1 to 15 seconds after it returns to normal before reporting the normal state.
Logging Enter the type of logging you need for this input. Valid values are:
l Log all changes: Log all changes affecting this input.
l Do not log CoS if masked: Log all changes except change of state events if the input is
currently masked.
l Do not log CoS of masked & no trouble CoS: Log all changes except change of state
events if the input is currently masked and there are no trouble CoS events.
Schedule Define when the input is masked. When the schedule is active, the input will be masked.
Mode Enter the mode used for this input. The available options are:
l Normal: The door input is a normal door contact.
l Non-latching: The door input is a non-latching contact.
l Latching: The door input is latching contact.
EOL Select the EOL resistance value you need for this input.
resistance
Only those EOL resistance values previously defined for this system appear in this list.
Enabled Check this box to indicate that this input is connected and ready to communicate with the
Access Control Manager host.
Masked Select TRUE to indicate that this input is normally masked.
Click this button to save your changes.
Feature Description
Name Enter the name of the output.
Enabled Check this box to indicate that this output is connected and ready to communicate with the
Access Control Manager host.
Mode Select the output mode.
Pulse Enter the pulse interval time. This is the number of seconds that the output will activate when a
Time pulse command is issued. This field is only available on outputs not associated with doors (e.g.
auxiliary relays).
Schedule Select a schedule from the drop down list. Only schedules that have been defined in the system
are listed.
Feature Description
Date The date and time when this policy was modified.
Operator The user that modified this policy.
Attribute The field that was modified.
Before The value in the field before this change took effect.
Configuring Groups
The groups feature allows you to group hardware components (cameras, doors, etc.) and/ or system
components (identities, roles, etc.). Groups are useful for various functions, including:
l Applying identity profiles to many people at a time using the batch update feature.
l Applying door templates to many doors at once using the batch update feature.
l Enabling operators to monitor specific event types and hardware components through routing groups.
l Assigning policies to override settings on a group of hardware components.
Note: Groups should not be confused with Access Groups. For more information on Access Groups,
see Managing Door Access on page 112.
Adding a Group
To add a new group:
Editing a Group
To edit an existing group:
4. From the Available list, select all the policies that you want to assign to the group, then click .
The policy is added to the Members list to show that it is now assigned.
To remove a policy from the group, select the policy from the Members list, then click .
5. Click Save.
NOTE: If there are ten or more entries in the list in the Available window, a standard Search will display
- this can be used to narrow the list. If there are more than 2,000 entries then an Advanced Search will
display to enable you to narrow the list.
5. FromtheAvailablelist,selectalltheitemsthatyouwanttoassignasmembersofthegroup,thenclick .
The item is added to the Members list to show that it is now assigned.
To remove a item from the group, select the item from the Members list, then click .
Note: You can select multiple terms by using the Ctrl or Shift key.
6. Click Save.
5. Click Save.
The Group Edit screen is displayed.
6. Select the Members tab.
7. From the Type drop-down list, select a type of hardware component.
Note: Do not select Identity or Role, since they are not routable.
8. Select the hardware components that you want to add to the group.
9. Repeat the previous two steps if you want to add different types of hardware components to the
group.
7. Select the policy that you want to assign to the group, then click .
8. Select the Members tab.
9. From the Type drop-down list, select a type of hardware component.
Note: Do not select Identity or Role, since they will not be affected by the policy.
10. Select the hardware components that you want to override, then click .
The hardware in the group are now overridden by the specified policy.
Note: You will need at least one identity profile and a group of identities to perform a batch update.
You can perform a batch update from either the Identity Profiles page or Groups page.
2. On the Identity Profiles list, click in the Batch Update column beside the identity profile you want
to apply.
The Batch Update dialog box pops up.
From the Group drop down list, select a group.
3. Click OK.
All the identities in this group are updated with the identity profile.
2. From the Batch Update column, click beside the group that you want to edit.
The Batch Update dialog box pops up.
3. From the Identity Profile drop down list, select an identity profile.
4. Click Save.
All the identities in the group are updated with this identity profile.
WARNING — There is a risk of losing a door template batch update report due to blocked pop-ups in your
web browser. When a door template batch update is performed on a group of doors, a report is generated
that you can save to your local system. If pop-ups from the ACM client are blocked by your web browser, the
report cannot be saved. Your web browser will notify you that the pop-up is blocked, and offer you the option
to unblock the pop-up. To save the report (and all future reports), you must enable pop-ups in your web
browser from your ACM client. For instructions on how to enable pop-ups, refer to the Help files for your web
browser.
2. From the Batch Update column, click beside the group of identities or group of doors that you
want to update.
The Batch Update dialog box pops up.
3. From the drop-down list, choose the identity profile or door template you want to apply to members of
this group.
Only the identity profiles or door templates previously defined by the system appear in this list.
4. Click Save.
Note: If you are doing a door template batch update on a group of doors, you will either be
prompted to save the report generated by the system (if pop-ups from the ACM client are
unblocked) or your web browser will notify you that the pop-up has been blocked.
All members in this group now have the field values defined by the identity profile or door template.
Deleting a Group
To delete an existing group:
2. From the Groups list, click beside the group that you want to delete.
3. When the confirmation message is displayed, click OK.
Groups list
When you select Roles > Groups, the Groups list is displayed. This page lists all the Groups that have been
configured in the system.
Feature Description
Name The name of this group.
Feature Description
Available A list of policies that have been configured in the system.
To assign a policy to this group, select the policy from the Available list, then click to move
it to the Members list.
Members A list of policies that are currently associated with this group.
To remove a policy from the group, select the policy from the Members list, then click to
move it to the Available list.
Click this button to save your changes.
Note: You can select multiple terms by using the Ctrl or Shift key.
Feature Description
Type Select the component type you want to add to this group.
Once you select a type, the relevant components will appear in the Available window.
Available A list of available components in the system.
To remove a component from this group, select the component, then click .
Click this button to save your changes.
Note: You can select multiple terms by using the Ctrl or Shift key.
Feature Description
Date The date and time when this group was modified.
Operator The user that modified this group.
Attribute The field that was modified.
Before The value in the field before this change took effect.
You must configure doors before you can create access groups. If you want to control access to the floors of
a building, you should configure elevator access levels beforehand as well. For more information on elevator
access levels, see Managing Elevator Access on page 132.
After you have created an access group, you must assign it to a role to make it effective. This allows members
of the role to access the specified doors and elevator access levels in the access group.
Tip: It is recommended that you configure doors and elevator access levels before you create
access groups.
Note: A copy of an existing access group includes only the member's doors in your partition.
The copy does not include any of the roles or identities that are associated with the existing
5. Click Save.
The Access Group: Edit page is displayed.
6. Select the doors you want to add to the access group.
Tip: Use Shift + Click to select items in sequence. Use Ctrl + Click to select individual items.
7. Click Save.
Tip: If a message indicates the Advanced Schedule option cannot be enabled when saving,
do any of the following:
l Save the schedule without Advanced Schedule selected. Some doors only support
basic schedules.
l Find the access groups using the schedule and select another schedule.
8. After you have created an access group, you must assign it to a role to make it effective. For more
information, see Assigning an Access Group to a Role on page 89.
Note: You can only delete access groups that are not linked to any roles.
Before you can delete an access group, you must remove the access group from the associated role. For
more information, see Assigning an Access Group to a Role on page 89.
2. From the Access Groups list, click beside the access group that you want to delete.
3. When the confirmation message is displayed, click OK.
1. Create a role called "HR Role" that includes two access groups.
l Access Group 1 has Schedule 9 am-5 pm M - F and Door "Front Door" on Panel 1.
l Access Group 2 has Schedule 11 am-2 pm M - F and Door "Break Room Door" on Panel 2.
2. Assign a user to the HR Role.
3. Create a token for the user called Token A with the internal number 12345.
To download these access permissions to the appropriate panels, the program must perform these
operations:
l Assign an access group to Panel 1 with a schedule of 9 am - 5 pm M - F and Door "Front Door". Name
this Access Group 1.
l Assign an access group to Panel 2 with a schedule of 11 am - 2 pm M - F and Door "Break Room Door".
Name this Access Group 2.
l Download Token A to Panel 1 - Token Number 12345, AG 1.
l Download Token A to Panel 2 - Token Number 12345, AG 2.
1. Select Roles.
2. In the Roles list, click the role you want to edit.
3. On the Role Edit page, select the Access Groups tab.
4. Select the access groups that you want to add to the role.
Tip: Use Shift + Click to select items in sequence. Use Ctrl + Click to select individual items.
5. Click Save.
All the people with this role now have the access permissions defined by the access group.
Note: A copy of an existing access group includes only the member's doors in
your partition. The copy does not include any of the roles or identities that are
associated with the existing access group.
Note: You cannot delete access groups that have been assigned to a role.
Select a schedule from the drop down list. Only schedules that have been defined in the system
are listed.
Tip: If a message indicates the Advanced Schedule option cannot be enabled when
saving, do any of the following:
l Save the schedule without Advanced Schedule selected. Some doors only
support basic schedules.
l Find the access groups using the schedule and select another schedule.
Elevator The elevator access level that applies to the access group.
Access
level Only the elevator access levels that have been defined in the system appear in this list.
Installed If selected, the access group is currently operational and available to the system.
Note: Fields in this list are dependent on the door or device. Some commands or fields
are not supported for all doors or devices.
Privacy Override ASSA ABLOY IP-enabled door only. Enables the cardholder to override and
unlock a door that is locked from the inside after the privacy button has been pressed.
Available The available doors on the appliance.
To add a door to the access group, select the door from the Available list and click to
move it to the Members list.
Members The doors that are assigned to the access group.
To remove a door from the access group, select the door from the Members list and click
to move it to the Available list.
Click this button to save your changes.
Feature Description
Access The name of this access group.
Group
Click the name to return to the Edit page.
Doors A list of doors that can be accessed by identities in this access group.
Roles A list of roles that are assigned to this access group.
Click + or - beside each role to show or hide the identities that are in the access group through
the role.
Identities A list of users that are members of the access group.
Feature Description
Date The date and time when this access group was modified.
Operator The user who modified this access group.
Attribute The specific access group detail that was modified.
To give an ACM operator permission to use specific functions, you create a delegation that contains only the
permissions to use those specific functions, and then assign that delegation to a role. Only when a role
assigned that delegation s assigned to an operator can the operator access these functions. For example, for
an operator to validate an SSL certificate from an LDAP server, that operator must be assigned a role that
contains a delegation that includes the Collaboration Validate Certificate permission.
After you have created a delegation, you must assign it to a role to make it effective.
Adding a Delegation
To add a new delegation:
3. Click Save.
The Delegation Edit page appears.
4. Select the permissions you want to include in the delegation.
Tip: Use Shift + Click to select items in sequence. Use Ctrl + Click to select individual items.
5. Click Save.
6. After you have created a delegation, you must assign it to a role to make it effective. For more
information, see Adding a Delegation to a Role on the next page.
4. Click Save.
1. Click Roles.
The Roles list is displayed.
2. From the Roles list, click on the role you want to edit.
The Role Edit screen appears.
3. Select the Delegate tab.
4. Select the delegations that you want to add to the role.
Tip: Use Shift + Click to select items in sequence. Use Ctrl + Click to select individual items.
5. Click Save.
All the people with this role now have the access permissions defined by the delegation.
Deleting a Delegation
To delete an existing delegation:
2. From the Delegations list, click beside the delegation that you want to delete.
3. When the confirmation message is displayed, click OK.
Delegations list
When you select Roles > Delegations, the Delegations list is displayed. This page lists all the
This page allows you to specify what tasks are authorized by this delegation.
Feature Description
Name Enter the name of the delegation.
Partitions Displayed for a partitioned ACM appliance only. To restrict operator access to the item, select
one or more partitions. To allow all operators access to the item, do not select a partition.
Available A list of available tasks in the ACM application.
To add a task to the delegation, select the term from the Available list, then click to move it
to the Members list.
Members A list of tasks that are Members of this delegation.
To remove a task from this delegation, select the term from the Members list, then click to
move it to the Available list.
Search Enter a term, then click Filter to filter the results in the Available window.
Note: You can select multiple terms by using the Ctrl or Shift key.
Tip: Refer to this information if you are performing initial configuration of an ACM appliance before
its deployment.
Partitions are separate administrative access zones within the ACM system that can be independently
managed. Since it is highly scalable, a single ACM system can be partitioned to manage access for individual
tenants in an office tower, buildings on a campus, or locations in a geographically dispersed organization.
Think of partitions as independent instances of an ACM system within your ACM system.
Partitioning is much like filtering. You can create simple functional partitions or complex special-purpose
partitions. The more complex your partitioning is, the more carefully it needs to be administered.
Note: Do not confuse areas with partitions. A partition is a separate administrative access zone
within the ACM system. An area is a physical location that requires additional access control.
Therefore, in a partitioned system, an area is configured within a partition.
In a non-partitioned system, all the items and functions are potentially available to all identities (ACM
operators and badge holders). Roles and delegations are used to restrict operator access to the functionality
and items, and access groups are used to restrict badge holders physical access.
Important: In a partitioned system, all the items and functionality that are assigned to a partition are
available only to identities who are also assigned to that partition. Within a partition, roles and
delegations are used to restrict operator access to functionality and items, and access groups are
used to restrict badge holders physical access. All partition items can be assigned to multiple
partitions.
It is recommended that an ACM system is partitioned before it is deployed, and that you use the default
System Administrator identity (with the login ID admin) to set up the partitioned system.
Items not assigned to any partition belong to an unnamed partition, called the blank partition, and are
available to all identities. Treat the blank partition as a separate partition that everyone can access. For badge
holders, use the blank partition to contain the doors to common areas, which might include building
entrances, parking garages, elevators, and the like, which all badge holders can access. For ACM operators,
use the blank partition to contain the common items, which any operator can configure.
Tip: Alternatively, you can create dedicated common partitions , which might be more practical for a
geographically dispersed partitioned ACM system, and keep the blank partition empty.
After partitions are configured, the Partition drop-down menu appears as a configuration option for any
object that can be assigned to a partition.
Some of the considerations you should keep in mind when planning your partitions:
l Centralize control.
Always use the default system administrator identity to set up partitions. This identity always has full
access to all partitions.
l Limit ACM operator access to partitions.
Only allow the ACM operators who are responsible for access control operations within a partition
permission to access that partition. To enforce this:
o Create a custom admin role for the ACM operator identities assigned to administer a partition.
Configure this role and its delegations so that the system administrator of a partition is
prevented from creating partitions or assigning themselves to other partitions.
o Create custom roles with the required delegations for ACM operator identities assigned other
responsibilities in a partition. Configure these roles to include only the delegations needed. The
default roles (such as monitoring, or enrollment operator) can also be used, as they are
preconfigured with the necessary delegations.
For example, to create an enrollment operator who , ensure that
o Create identity records for ACM operators restricted to specific partitions so that they cannot
view or change their own identity records. Configure the operator's identity record
(Identities>Identity) so that it is not visible to any partition that includes them as an operator
(Roles>Partitions).
Important: If you are partitioning roles or delegations, ensure that the operators assigned to
those roles and delegations also have access to the partitions.
Tip: If you must have partitions with duplicate items, such as doors shared by two tenants, be
aware of some of the complications that administrators or other operators with access to
some (but not all) partitions may encounter when modifying partitions. For example, you may
experience problems if you have to change the configuration of your partitions as tenants
move in or out, or increase or decrease their floorspace.
In a partitioned system, there will be a limited number of badge-holders who can access all the partitions,
such as concierge, security, service, and maintenance personnel. These personnel should be assigned to all
partitions in their identity record. Regardless of whether the system is partitioned, there should also be at
least one other ACM operator assigned the SuperAdmin role, as a backup for the default System
Administrator account for the ACM system.
After you have partitioned the system, you can use routing groups. For more information on routing groups,
see Routing Events to the Monitor Screen on page 127.
Adding a Partition
This is a basic procedure on how to add a partition. For a more advanced procedure on how to partition the
ACM system, see Configuring a Partitioned ACM System on the previous page.
Tip: It is recommended that you use the default Admin account to set up partitions.
Tip: Use Shift + Click to select items in sequence. Use Ctrl + Click to select individual items.
5. Click Save.
The Partitions field now appears as a configuration option for most system settings.
4. Click Save.
Deleting a Partition
To delete an existing partition:
2. From the Partitions list, click beside the partition that you want to delete.
3. When the confirmation message is displayed, click OK.
Partitions - List
When you select Roles > Partitions, the Partitions list is displayed. This page lists all partitions that have
been configured in the system.
Feature Description
Name The name of this partition.
5. From the Available list, select the users that should have access to the partition, then click .
The users are added to the Members list to show that they have access to the partition.
To remove users from the partition, select the users from the Members list and click .
Note: You can select multiple terms by using the Ctrl or Shift key.
Feature Description
Name Enter the name of this partition.
Available A list of users in the system. Only users with login credentials appear in this list.
To add a user to this partition, select the user from the Available list, then click to move it to
the Members list.
Members A list of users that have access to this partition.
To remove a user from this partition, select a user from the Members list, then click to
move it to the Available list.
Click this button to save your changes.
Note: You can select multiple terms by using the Ctrl or Shift key.
Important: If a role is assigned to specific partitions, operators not assigned to any of those
partitions may be prevented from accessing the ACM system, or parts of it. To avoid this,
ensure that all identities assigned the role also have access to the same partitions. You may
also have to create additional roles to access the same functionality in the other partitions.
The same is also true of delegations.
l All of the entities, such as doors and related infrastructure (policies, groups, access groups, routing
groups, and elevator access levels), within the partition's scope that allow badge holders physical
access to the site.
Membership of any entity in a partition is assigned in its edit page. Navigate to the entity's edit page
and select the partition, or partitions, from the Partitions drop-down list.
An empty, or blank, Partition field for any entity has a specific meaning. An entity not assigned to any partition
can be viewed by all ACM operators, including those not assigned to a partition. However, as soon as any
entity (which could be a badge holder, an operator, a door, or any logical entity such as an access group) is
assigned to a partition, it can only be viewed by operators assigned to that partition. An entity assigned to
more than one partition can be viewed by operators assigned to any of those partitions. When an entity is
assigned to all partitions, it can be viewed by all operators except operators not assigned to any partitions.
For example, identity records with a blank partition field can be viewed by any ACM operator. However,
identity records with one or more partitions assigned to them can only be viewed by ACM operators with
access to any of those partitions. If you assign an ACM operator to a partition, their identity record can only be
viewed by other operators assigned to that partition. Similarly, for badge holders assigned to a partition, their
identity records can only be viewed by operators assigned to that partition and their access privileges are
restricted to the reader and doors in that partition (plus readers and doors not in any partition).
For example, a lobby security guard may only need to monitor people who access the building through the
front door during regular work hours, but they would not need to know about system activity in the ACM
application. You can use a routing group to ensure that the security guard only sees events related to the
lobby area.
You must set up partitions and groups before you can use routing groups. For more information on partitions,
see Managing a Partitioned ACM System on page 121. For more information on groups, see Configuring
Groups on page 104.
After you have created a routing group, you must assign it to a role to make it effective.
For example, a lobby security guard may only need to monitor people who access the building through the
front door during regular work hours, but they would not need to monitor operators that are logging in and
out of the ACM application.
After you have defined a routing group, only the event types produced by the event sources during the
specified schedule will be routed to the Monitor screen.
You must set up routing schedules and groups of hardware components before you can use routing groups.
1. Configure partitions for the routing group. For more information on configuring partitions, see
Configuring a Partitioned ACM System on page 123.
2. Create a hardware group that contains the event sources of interest. For more information on creating
a hardware group for routing, see Creating a Hardware Group for Routing on page 106.
3. If you want to route events for specific time intervals, set up one or more schedules. For more
information on adding a schedule, see Adding Schedules (Intervals in Schedules) on page 395.
4. Select Roles > Routing Groups.
The Routing Groups list is displayed.
5. Click Add New Routing Group.
The Routing Group Add page is displayed.
6. Enter a name for the routing group.
7. Complete the remainder of the page with the required details.
Tip: Use Shift + Click to select items in sequence. Use Ctrl + Click to select individual items.
Tip: Use Shift + Click to select items in sequence. Use Ctrl + Click to select individual items.
5. Click Save.
All the operators with this role can now monitor the events defined by the routing group.
2. From the Routing Groups list, click beside the routing group that you want to delete.
3. When the confirmation message is displayed, click OK.
Feature Description
Name The name of the routing group.
Feature Description
Name Enter the name of this routing group.
Schedule Select a schedule from the drop down list. Only schedules that have been defined in the system
are listed.
Schedule From the drop down list, select the option that qualifies the schedule.
Qualifier
l Appliance : Relative to the local time on the appliance when the transaction was created
within the ACM system.
l Event: Relative to the local time when the originating event occurred.
Installed Check this box to indicate that this routing group is currently operational and available to the
system.
Partitions Displayed for a partitioned ACM appliance only. To restrict operator access to the item, select
one or more partitions. To allow all operators access to the item, do not select a partition.
Click this button to save your changes.
Feature Description
Name Enter the name of this routing group.
Schedule Select a schedule from the drop down list. Only schedules that have been defined in the system
are listed.
Schedule From the drop down list, select the option that qualifies the schedule.
Qualifier
l Appliance : Relative to the local time on the appliance when the transaction was created
within the ACM system.
l Event: Relative to the local time when the originating event occurred.
Installed Check this box to indicate that this routing group is currently operational and available to the
system.
Partitions Displayed for a partitioned ACM appliance only. To restrict operator access to the item, select
one or more partitions. To allow all operators access to the item, do not select a partition.
Click this button to save your changes.
Feature Description
Routing The name of this routing group.
Group
Click this name link to return to the Schedule page.
Available A list of event types configured in the system.
To add an event type to the routing group, select the term from the Available list, then click
to move it to the Members list.
Members A list of event types that are in this routing group.
To remove an event type from the routing group, select the term from the Members list, then
click to move it to the Available list.
Click this button to save your changes.
Feature Description
Routing The name of this routing group.
Group
Click this name link to return to the Schedule page.
Available A list of groups configured in the system.
To add a group to the routing group, select the term from the Available list, then click to
move it to the Members list.
Members A list of groups that are in this routing group.
To remove a group from the routing group, select the term from the Members list, then click
to move it to the Available list.
Click this button to save your changes.
For example, you can create an elevator access level that contains Floor 1 and Floor 3. When you add this
elevator access level to an access group, all users in that access group will have access to Floor 1 and Floor 3.
Note: This feature currently applies to Mercury Security elevator transactions in floor tracking mode.
5. Click Save.
6. After you have created an elevator access level, you must assign it to an access group to make it
effective. For more information, see Assigning an Elevator Access Level to an Access Group below.
4. Click Save.
4. Click Save.
All users in that access group now have access to the floors in the elevator access level.
2. From the Elevator Access Level listing page, click beside the elevator access level that you want
to delete.
3. When the confirmation message is displayed, click OK.
Feature Description
Description The name of this elevator access level.
Feature Description
Description Enter the name of this elevator access level.
Appliance From the drop down list, select the appliance that manages this elevator access level.
Partitions Displayed for a partitioned ACM appliance only. To restrict operator access to the item, select
one or more partitions. To allow all operators access to the item, do not select a partition.
Output Indicates the default output number.
Description The name of each floor.
The floors are named by default, but you can rename them.
Select a schedule from the drop down list. Only schedules that have been defined in the
system are listed.
Click this button to save your changes.
Feature Description
Description Enter the name of this elevator access level.
Appliance From the drop down list, select the appliance that manages this elevator access level.
Partitions Displayed for a partitioned ACM appliance only. To restrict operator access to the item, select
one or more partitions. To allow all operators access to the item, do not select a partition.
Output Indicates the default output number.
Description The name of each floor.
The floors are named by default, but you can rename them.
Schedule Indicate when a card/code has free access to the specified floor, meaning a valid card/code is
not required to access this floor.
Select a schedule from the drop down list. Only schedules that have been defined in the
system are listed.
Click this button to save your changes.
Note: If you do not have the correct delegations, you may not be able to access some of the
following pages. See your System Administrator for details.
Generating Reports
Anytime you see PDF or Spreadsheet, you can generate and save a copy of the current report.
You can generate a copy of reports from the Reports list, the Report Edit page or from the Report Preview
page.
Generated reports will only show the filtered information that is displayed. To edit the report before you
generate it, see Editing Reports on the next page.
l
Click to save the current report as a PDF file.
l
Click to save the current report as a CSV format spreadsheet.
Most generated reports saved as PDF files contain a maximum of 2,000 records, except the Audit Log
Report, which contains a maximum of 1,000 records. Reports saved as CSV format spreadsheet files contain a
maximum of 2,000 records.
Depending on your web browser, the file may be auto-downloaded or you will be prompted to save the file to
your local computer.
Report Preview
When you click the name of a report from the Reports list and select , a preview of the selected report is
displayed.
In the preview, you can check the report to see if the report gives you the information you need, search the
report, or generate the report. For example, if you wanted to know the role of an identity, you can preview the
Identity Summary report and search for the specific identity.
Reports 136
Tip: Click to filter the report. The preview bar expands to display search criteria.
Feature Description
Generate Report
The generate report options are displayed in the top left corner of the report preview.
Click this button to generate a PDF copy of the current report.
Click this button to generate a CSV or spreadsheet copy of the current report.
Preview Bar
The preview options are displayed at the bottom of the report page.
Click this icon to filter the report.
The report filter options are displayed. The options change depending on the
report.
l Click Search to perform a search using the selected filter options.
l Click Reset to clear the report filter options.
l In the drop down list beside the Reset button, choose if the search will
locate all or any transactions that match the selected report filters.
l Click Save to save and apply the selected filters to the default report.
Select the number of items you want to display on a single page.
Editing Reports
All reports can be edited or filtered to only display the information that you need. You can edit default system
reports and custom reports in the same way.
If you plan to use the filtered report frequently, you can create a custom report rather than modify the default
Most generated reports saved as PDF files contain a maximum of 2,000 records, except the Audit Log
Report, which contains a maximum of 1,000 records. Reports saved as CSV format spreadsheet files contain a
maximum of 2,000 records.
Reports requiring more than 2,000 rows must be scheduled as a batch job for system performance. For more
information, see Generating a Batch Report on page 478.
Note: The Audit Log Report and Transaction Report do not have available. To edit, click on
the report name and follow the steps in the related procedure - Editing Audit Log and
Transaction Reports below.
Now you can generate or preview the report with your changes.
3. Click in the bottom left-hand corner on the following page (either the Grid: Transaction Report or
Grid: Audit Log page).
The Find section opens.
4. Do the following to define criteria for the report:
l Select an option in the search type field (e.g. External System ID).
l Select an option in the search operator field (e.g. greater or equal to).
l Select an option in the search value field (e.g 12/07/2015 00:00:00).
John
Smith
Now you can generate or preview the report with your changes.
2. Click for the report you want to base the custom report on.
3. On the Report Edit page, select the Copy Report checkbox.
4. Give the new report a name.
5. Edit the report options to meet your requirements.
See Scheduling a Custom Report By Batch Job (Specification) on the next page.
1. Click Reports.
2. Click Transaction Report in the Report Name column.
3. Click at the bottom of the page. The preview bar expands to display search criteria.
4. Enter the details you want to include in the report in the Find section. (Click to add more fields.)
5. Click Search.
The system transactions are filtered into a report.
6. In the Create Custom Report field, enter a name for the report.
Panels are controllers that connect one or more door controllers (subpanels) and their associated readers to
the appliance. Doors are logical units incorporating one or more components that are connected to a panel.
The configuration of a door allows users to access certain areas.
Inputs are devices associated to panels and doors. For example, motion sensors or smoke detectors. Outputs
are devices that perform tasks in response to input data. For example, unlocking a door or setting off a fire
alarm.
Note: If you do not have the correct delegations, you may not be able to access some of the
following pages. See your System Administrator for details.
Templates Overview
For ASSA ABLOY, Avigilon and Mercury Security doors.
You can speed up the process of defining panels, subpanels and doors in the ACM system by creating
templates for bulk creation. For example, door templates create doors that automatically populate field
values on the Parameters and Operations tabs.
l Door templates
Standardize door configurations that set the basic parameters and operational settings for each type
of door at your site. Door templates are used when adding individual doors, modifying or updating
common door settings for groups of doors, or when batch creating subpanels for doors when adding a
new Mercury panel.
Tip: Although you can create multiple door templates with the same name, it is recommended
that you give each the indoor template a unique name.
l Reader templates
Standardize reader settings. Reader templates are referenced from a wiring template when batch
creating subpanels for doors on a new panel.
Door Templates
A door template contains a predefined set of common parameter values and operational settings that can be
applied to doors. Use a door template to populate the values assigned in the template to doors:
l When adding a new Mercury panel to the ACM system, new doors can be created in bulk by batch
creating the subpanels on the new panel. Door templates are used together with wiring templates to
create access-controlled doors with preset configurations ready for use after the new panel and
subpanels are fully connected and communicating with the ACM system. To bulk create doors using a
wiring template when adding a new panel, see Batch Creating Subpanels on a New Mercury Panel on
page 171.
l When adding a new door, you still need to configure many attributes such as operations, hardware,
cameras, and interlocks specifically for individual doors. To create a door using a template, see
Adding Doors on page 225.
l When standardizing settings or updating settings supported by a door template for a group of doors.
o When you have many doors defined with non-standard settings, create a group containing
these doors and a new door template containing the standard settings. Then apply the new
template to the group of doors.
o When you have to change a setting common to all doors that use the same template, modify
the door template. Then apply the modified template to the group of doors.
You can apply a template to a group of doors:
o Immediately from the Templates page, using the Batch Update option.
o Alternatively, at any time after the template is created or modified, from the Groups using the
Batch Update option.
o At a future time, or on a schedule, from the Batch Jobs Specifications page.
Note: When you use the Batch Update option and there are more than 10 doors in the group,
a batch job is launched, which runs in the background.
WARNING — There is a risk of losing a door template batch update report due to blocked pop-ups in your
web browser. When a door template batch update is performed on a group of doors, a report is generated
that you can save to your local system. If pop-ups from the ACM client are blocked by your web browser, the
report cannot be saved. Your web browser will notify you that the pop-up is blocked, and offer you the option
to unblock the pop-up. To save the report (and all future reports), you must enable pop-ups in your web
browser from your ACM client. For instructions on how to enable pop-ups, refer to the Help files for your web
browser.
2. On the Door Templates list, click from the Batch Update column beside the template you want
to apply to a group.
The Batch Update dialog box appears.
3. From the Group drop down list, select a group of doors.
Only the groups that have been previously defined appear in this list.
4. Click OK.
All members of the specified group are updated with this template's settings.
Note: If you are doing a door template batch update on a group of doors, you will either be
prompted to save the report generated by the system (if pop-ups from the ACM client are
unblocked) or your web browser will notify you that the pop-up has been blocked.
If there are more than 10 doors, the update will be automatically scheduled as a batch job that starts two
minutes after you select the group and click OK. This can be checked at > My Account > Batch Jobs.
Feature Description
Name The name of the door template.
Important: To bulk add door subpanels when adding a new Mercury panel, you must use a door
template that has a value specified for Door Mode. Before using the Subpanel: Batch Create wizard,
ensure that a door template for the door subpanel type has been configured. Door templates without
a Door Mode specified are not available for the wizard to use.
Note: You can add additional values to some drop down lists using the User Lists feature. For more
information, see Adding Items to a List on page 409.
Name the template and specify the site and vendor information.
Feature
Name You can change the name of the template. The name should be unique.
Partitions Displayed for a partitioned ACM appliance only. To restrict operator access to the item,
select one or more partitions. To allow all operators access to the item, do not select a
partition.
The selection you make for the door template sets in which partitions doors are created.
Vendor The name of the door manufacturer. After you select the name, the page is refreshed to
show the Parameters tab.
Model Select Generic for any vendor to display all the configurable items for that vendor's
door controllers in the Parameters and Operations tabs. If you select Mercury as the
Vendor, you can select the panel model. After you select the model, the page refreshes
again to show only the configurable items for that model.
Click this button to save your changes.
After you select the vendor and model, update the individual items for the template to apply on the two
panels on the Parameters tab:
l On the Parameters panel, for each item except Partitions, you can select from three or more choices,
which vary from item to item:
o <No Change>: Do not change the value. If the door is new, the item is left blank, or set to its
default value. If there is already a value, it is unchanged.
o <BLANK>: Clear the value. If the door is new, the item is left blank. If there is already a value, it is
cleared. This choice only appears if no value is required.
o All other choices are specific to that item.
o The Partition item appears only if partitions are defined at your site.
l On the Door Processing Attributes tab, the choices are:
o <No Change>
o <Yes>
o <No>
For detailed information about each item on the Parameters tab, see:
l Parameters tab (Mercury Security) on page 252
l Parameters tab (VertX® ) on page 239
Next, update the individual items for the template to apply on the Operations tab:
l For the items with drop-down lists, except Card Formats, you can select from three or more choices,
which vary from item to item:
o <No Change>: Do not change the value. If the door is new, the item is left blank, or set to its
default value. If there is already a value, it is unchanged.
o <BLANK>: Clear the value. If the door is new, the item is left blank. If there is already a value, it is
cleared. This choice only appears if no value is required.
o For all the other items, enter a value in seconds, or leave blank to use the default value.
l For Card Formats, if you select:
o <No Change>: Do not change the value. If the door is new, the list of card formats for the door
will be populated by the card formats supported by the panel associated with the door.
o <BLANK>: Clear the value. If the door is new, the list is left empty. If there is already a value, it is
cleared.
o Assign: Replace any card formats supported by the door with the card formats specified in the
template.
o Add: Append the card formats specified in the template to the card formats already supported
by the door.
o Remove: Remove the card formats specified in the template from the list of card formats
supported by the door.
For detailed information about each item on the Operations tab, see:
l Operations tab (Mercury Security) on page 256
l Operations tab (VertX®) on page 242
When you click on the name of a door template on the Door Templates list, the Door Template: Edit page
appears. All of the configurable items for a door that can be set using a door template appear in the
Parameters and Operations tabs after you specify the vendor.
Note: You can add additional values to some drop down lists using the User Lists feature. For more
information, see Adding Items to a List on page 409.
Name the template and specify the site and vendor information.
Feature
Name Enter the name of the template. This field is required. The name should be unique.
Partitions Displayed for a partitioned ACM appliance only. To restrict operator access to the
item, select one or more partitions. To allow all operators access to the item, do not
select a partition.
The selection you make for the door template determines in which partitions doors
are created.
Vendor The name of the door manufacturer. After you select the name, the page is refreshed
to show the Parameters tab.
Model Select Generic for any vendor to display all the configurable items for that vendor's
door controllers in the Parameters and Operations tabs. If you select Mercury as the
Vendor, you can select the panel model. After you select the model, the page
refreshes again to show only the configurable items for that model.
Click this button to save your changes.
After you select the vendor and model, update the individual items for the template to apply on the two
panels on the Parameters tab:
For detailed information about each item on the Parameters tab, see:
l Parameters tab (Mercury Security) on page 252
l Parameters tab (VertX® ) on page 239
Next, update the individual items for the template to apply on the Operations tab:
l For the items with drop-down lists, except Card Formats, you can select from three or more choices,
which vary from item to item:
o <No Change>: Do not change the value. If the door is new, the item is left blank, or set to its
default value. If there is already a value, it is unchanged.
o <BLANK>: Clear the value. If the door is new, the item is left blank. If there is already a value, it is
cleared. This choice only appears if no value is required.
o For all the other items, enter a value in seconds, or leave blank to use the default value.
l For Card Formats, select <No Change>, <BLANK>, or specify the format to apply after choosing one of
the following:
o Assign: Replace any card formats supported by the door with the card formats specified in the
template.
o Add: Append the card formats specified in the template to the card formats already supported
by the door.
o Remove: Remove the card formats specified in the template from the list of card formats
supported by the door.
After you make your choice of Assign, Add, or Remove, a list of all the configured card formats is
displayed. Click to select one card format, or use any of click and drag, Shift and click, or Ctrl and click
to select multiple card formats and move them to the Members list.
For detailed information about each item on the Operations tab, see:
l Operations tab (Mercury Security) on page 256
l Operations tab (VertX®) on page 242
The Batch Update feature on the Templates page allows you to assign a door template to a group of doors
from the same manufacturer. This is useful for applying new settings or modifying current settings to a group
of doors.
WARNING — There is a risk of losing a door template batch update report due to blocked pop-ups in your
web browser. When a door template batch update is performed on a group of doors, a report is generated
that you can save to your local system. If pop-ups from the ACM client are blocked by your web browser, the
report cannot be saved. Your web browser will notify you that the pop-up is blocked, and offer you the option
to unblock the pop-up. To save the report (and all future reports), you must enable pop-ups in your web
browser from your ACM client. For instructions on how to enable pop-ups, refer to the Help files for your web
browser.
2. On the Door Templates list, click from the Batch Update column beside the template you want
to apply to a group.
The Batch Update dialog box appears.
3. From the Group drop down list, select a group of doors.
Only the groups that have been previously defined appear in this list.
4. Click OK.
All members of the specified group are updated with this template's settings.
Note: If you are doing a door template batch update on a group of doors, you will either be
prompted to save the report generated by the system (if pop-ups from the ACM client are
unblocked) or your web browser will notify you that the pop-up has been blocked.
If there are more than 10 doors, the update will be automatically scheduled as a batch job that starts two
minutes after you select the group and click OK. This can be checked at > My Account > Batch Jobs.
Reader Templates
Use standardized reader settings and corresponding reader templates together with wiring templates to
configure Mercury subpanels when adding panels in the ACM appliance. Standardize your reader
configurations and create a reader template for each standard configuration in use at your site.
Note: Ensure all OSDP readers are configured in ACM software before physically connecting them.
OSDP is recommended for communications between readers, controllers and subpanels. OSDP offers
support for bi-directional communication, Secure Channel Protocol (SCP) to encrypt the traffic, and provides
Do not mix and match OSDP and non-OSDP readers on the same serial input/output (SIO) module. If OSDP is
being used, set all all reader addresses (including unused ones) to OSDP to avoid accidental re-
programming.
OSDP allows twice as many readers on most SIO modules. This allows a single controller port to control two
OSDP readers, however the second reader only functions if both readers on the port use OSDP and the
second reader is used on a paired door, or as the alternate reader for a single door. The second reader on an
OSDP port cannot be used to create a second single door.
To access reader templates, select Physical Access > Templates and then click the Reader Templates tab.
The Reader Templates list page is displayed. This page lists all reader templates that have been defined in
the system.
Tip: After you have configured new doors using templates, you must access each door, panel, or
subpanel to configure the unique settings that are not configured by each template.
Ensure all OSDP readers are configured in ACM software before physically connecting them.
Feature Description
Name The name of the reader template.
Note: Ensure all OSDP readers are configured in ACM software before physically connecting them.
Feature Description
Name Enter a unique name for the template.
Vendor Choose Mercury Security or HID.
Mercury Security settings
Note: The Custom option enables all options for all reader types. Readers
configured with versions of the ACM software earlier than Release 5.10.4
are assigned this reader type when the software is upgraded to ensure
that the previous settings are retained.
The following options depend on the selected Reader Type and include:
LED Drive Select the LED drive mode for readers configured with this template. The options depend
on the reader model and how it is wired and include:
l None
l Gen 1 wire
l Reserved
l Sep Red/Grn no buzz
l Dorado 780
l LCD
l OSDP
Format by Check this box to indicate that readers configured with this template support the format by
nibble nibble.
Bidirectional Check this box to indicate that readers configured with this template can read
bidirectionally.
F/2F Decoding Check this box to indicate that readers configured with this template use F or 2F decoding.
CAUTION — Do not enable SCP on readers that support OSDPv1, such as the ViRDI
biometric reader, as this will make the reader inoperable. Secure channel is only
supported in by OSDPv2.
Baud Rate Set the OSDP baud rate. This must be the same for all readers on a single port. Valid
values are 9600 (default), 19200, 38000 or 115200. If blank is selected, the system will
use default settings.
Note: Mercury controllers may auto-detect the OSDP baud rate. For more
information, refer to Mercury documentation.
Note: Mercury controllers will first try the setting provided and if that does not
work, the controller will use default settings.
Feature Description
Name Enter a unique name for the template.
Vendor Choose Mercury Security or HID.
Mercury Security settings
Note: The Custom option enables all options for all reader types. Readers
configured with versions of the ACM software earlier than Release 5.10.4
are assigned this reader type when the software is upgraded to ensure
that the previous settings are retained.
The following options depend on the selected Reader Type and include:
LED Drive Select the LED drive mode for readers configured with this template. The options depend
on the reader model and how it is wired and include:
l None
l Gen 1 wire
l Reserved
l Sep Red/Grn no buzz
l Dorado 780
l LCD
l OSDP
Format by Check this box to indicate that readers configured with this template support the format by
nibble nibble.
Bidirectional Check this box to indicate that readers configured with this template can read
bidirectionally.
F/2F Decoding Check this box to indicate that readers configured with this template use F or 2F decoding.
CAUTION — Do not enable SCP on readers that support OSDPv1, such as the ViRDI
biometric reader, as this will make the reader inoperable. Secure channel is only
supported in by OSDPv2.
Baud Rate Set the OSDP baud rate. This must be the same for all readers on a single port. Valid
values are 9600 (default), 19200, 38000 or 115200. If blank is selected, the system will
use default settings.
Note: Mercury controllers may auto-detect the OSDP baud rate. For more
information, refer to Mercury documentation.
Note: Mercury controllers will first try the setting provided and if that does not
work, the controller will use default settings.
Input Templates
Use standardized input settings and corresponding input templates together with wiring templates to
configure Mercury subpanels when adding panels in the ACM appliance. Standardize your input
configurations and create an input template for each standard configuration in use at your site.
To access input templates, select Physical Access > Templates and then click the Input Templates tab. The
Input Templates list page is displayed. This page lists all input templates that have been defined in the
system.
Note: Input templates for VertX® are not used by the ACM system. Input templates are only used
when configuring Mercury subpanels.
Tip: After you have configured new doors using templates, you must access each door, panel, or
Feature Description
Name The name of the input template.
Note: Input templates for VertX® are not used by the ACM system. Input templates are only used
when configuring Mercury subpanels.
Feature Description
Name The name of the template.
Installed Check to indicate that input points configured with this template are connected and active.
Vendor The only supported option is Mercury Security.
Mercury Security settings
Enter the number of seconds allowed before the input reports an event.
Exit Delay The Exit Delay setting specifies the amount of time after the alarm system is armed that you
have to leave the area without triggering an alarm.
Enter the number of seconds allowed before the input reports an event.
Hold time Set the amount of time that the alarm will stay in alarm state after returning to normal.
For example, if the input point goes into alarm state, then restores, it will hold it in that state for 1
to 15 seconds after it returns to normal state before reporting the input point is in the normal
state.
Schedule Define when the input is masked. When the schedule is active, the input will be masked.
Masked Check this box to indicate that this input is normally masked.
Partitions Displayed for a partitioned ACM appliance only. To restrict operator access to the item, select
one or more partitions. To allow all operators access to the item, do not select a partition.
1Due to mechanical properties of a switch, when a switch is closed, there is a period of time in which the
electrical connection "bounces" between open and closed. To a microcontroller, this "bouncing" can be
interpreted as multiple button pushes. To suppress the "bouncing", the controller software is designed to
anticipate it. This is known as "debouncing a switch".
Show Click this button to display the policies associated with this input module.
Policy
Note: Input templates for VertX® are not used by the ACM system. Input templates are only used
when configuring Mercury subpanels.
Feature Description
Name The name of the template.
Installed Check to indicate that input points configured with this template are connected and active.
Vendor The only supported option is Mercury Security.
Mercury Security settings
Mode Select the mode used for arming and disarming the input to trigger alarm events. Each mode
modifies the effect of the Exit Delay and Entry Delay settings.
l Normal – Does not use the Exit Delay and Entry Delay settings. Point is armed when the
area is armed. Triggering the armed point will instantly trigger the alarm.
l Non-latching – Uses the Exit Delay and Entry Delay settings. When the area is armed,
the point is armed after the time specified by the Exit Delay setting. This allows you time
to exit the area without triggering an alarm. After the point is armed, triggering the
armed point occurs after the time specified by the Entry Delay setting. This allows you
time to disarm the area or restore the point (for example, by closing the door). This mode
can be used in a scenario such as an armed fire door if you want people to exit but do
not want the door propped open. The entry delay allows time for the door to be closed
before triggering the alarm.
l Latching – Uses the Exit Delay and Entry Delay settings. When the area is armed, the
point is armed after the time specified by the Exit Delay setting. This allows you time to
exit the area without triggering an alarm. After the point is armed, triggering the armed
point occurs after the time specified by the Entry Delay setting. This allows you time to
disarm the area.
EOL Select the End of Line resistance value used by inputs configured with this template.
resistance
Only the EOL resistance values that have been defined in the system are listed.
Enter the number of seconds allowed before the input reports an event.
Exit Delay The Exit Delay setting specifies the amount of time after the alarm system is armed that you
have to leave the area without triggering an alarm.
Enter the number of seconds allowed before the input reports an event.
Hold time Set the amount of time that the alarm will stay in alarm state after returning to normal.
For example, if the input point goes into alarm state, then restores, it will hold it in that state for 1
to 15 seconds after it returns to normal state before reporting the input point is in the normal
state.
Schedule Define when the input is masked. When the schedule is active, the input will be masked.
Masked Check this box to indicate that this input is normally masked.
Partitions Displayed for a partitioned ACM appliance only. To restrict operator access to the item, select
one or more partitions. To allow all operators access to the item, do not select a partition.
Click this button to save your changes.
Show Click this button to display the policies associated with this input module.
Policy
Output Templates
Use standardized input settings and corresponding output templates to use together with wiring templates to
configure Mercury subpanels when adding panels in the ACM appliance. Standardize your output
configurations and create an output template for each standard configuration in use at your site.
To access output templates, select Physical Access > Templates and then click the Output Templates tab.
The Output Templates list page is displayed. This page lists all output templates that have been defined in
the system.
Note: Output templates for VertX® are not used by the ACM system. Output templates are only used
when configuring Mercury subpanels.
1Due to mechanical properties of a switch, when a switch is closed, there is a period of time in which the
electrical connection "bounces" between open and closed. To a microcontroller, this "bouncing" can be
interpreted as multiple button pushes. To suppress the "bouncing", the controller software is designed to
anticipate it. This is known as "debouncing a switch".
Feature Description
Name The name of the output template.
Note: Output templates for VertX® are not used by the ACM system. Output templates are only used
when configuring Mercury subpanels.
Feature Description
Name The name of the template.
Installed Check to indicate that input points configured with this template are connected and active.
Vendor The only supported option is Mercury Security.
Operating Select how the panel knows when the output point is active.
Mode
l Energized When Active – a current is expected to pass through the output point when it
is active.
l Not Energized When Active – a current expected to pass through the output point
when it is inactive.
Pulse Time Enter the pulse interval time. This is the number of seconds that the output will activate when a
pulse command is issued.
Note: This field is only available on outputs not associated with doors (e.g. auxiliary
relays).
Note: Output templates for VertX® are not used by the ACM system. Output templates are only used
when configuring Mercury subpanels.
Feature Description
Name The name of the template.
Installed Check to indicate that input points configured with this template are connected and active.
Vendor The only supported option is Mercury Security.
Operating Select how the panel knows when the output point is active.
Mode
l Energized When Active – a current is expected to pass through the output point when it
is active.
l Not Energized When Active – a current expected to pass through the output point
when it is inactive.
Pulse Time Enter the pulse interval time. This is the number of seconds that the output will activate when a
pulse command is issued.
Note: This field is only available on outputs not associated with doors (e.g. auxiliary
relays).
Schedule Select a schedule from the drop down list. Only schedules that have been defined in the
system are listed.
Partitions Displayed for a partitioned ACM appliance only. To restrict operator access to the item, select
one or more partitions. To allow all operators access to the item, do not select a partition.
Click this button to save your changes.
A wiring template takes information from the door, input, output, and reader templates that you specify and
validates all the information so that the template can be used to batch create subpanels configured with
functional doors and readers.
Wiring templates use the Access Type options Single and Paired to support easier configuration of doors.
Use Single for a door with one reader on one side of the door only (single reader door). Use Paired for a door
with two readers, one on each side of the door (paired reader door). Paired readers allow each side of a
single physical door to act like a separate door. This is particularly useful for antipassback and mustering.
The Access Type can also be configured in the Door Template. When configured in both the Wiring
Template, and the associated Door Template, the setting in the Wiring Template takes precedence.
You can modify the preconfigured wiring templates and create new wiring templates for each type of
subpanel in use at your site. If you use different wiring setups for the same type of subpanel, create a wiring
template for each setup.
Important: Before you configure the wiring template for a subpanel, you should have already
configured the reader templates, input templates, and output templates needed for that subpanel. A
wiring template contains mappings for the subpanel input, output, and reader addresses that
correspond to the wiring set up of the subpanel for the readers, door position, strike, and request to
exit (REX) buttons, and sets the associated template for each mapping. The number of doors and
available reader, input, and output addresses for mapping is fixed for each subpanel model.
To access wiring templates, select Physical Access > Templates and then click the Wiring Templates tab.
The Wiring Templates list page is displayed. This page lists all wiring templates that have been defined in the
system.
You can check if the settings you make on this page are valid at any time by clicking Validate at the bottom of
the page. If there is an error on the page, an error message identifies the problem for you to correct.
Feature Description
Name Enter a unique name for the template.
Vendor The only option is Mercury Security.
MR50 1 2
MR52 2 4
MR51e 2 4
MR62e 2 4
M5-2RP 2 2
M5-2SRP 2 2
M5-8RP 8 8
MS-2K 4 4
MS-ACS 8 8
or
Model
MR161N
MR16OUT
M5-20IN
M5-16DO
M5-16DOR
M8-I8S
M8-R8S
Specify the I/O templates for the doors created with this template:
You can check if the settings you make on this page are valid at any time by clicking Validate at the bottom of
the page. If there is an error on the page, an error message identifies the problem for you to correct.
For details about the fields on this page, see Wiring Template: Add page on page 164
When a new Mercury panel is created you can use the Subpanel: Batch Create wizard to add subpanels to
the panel. The wizard adds connection information for the subpanels and doors that are wired to the panel so
that the ACM appliance can start managing door access. You must configure door templates, input
templates, output templates, reader templates, and wiring templates before you can use the wizard.
Together, these templates can provide enough information to ensure basic functioning of doors as soon as
the new panel and subpanels are fully connected and communicating with the ACM system. For more
information, see Templates Overview on page 142.
Tip: To add a gateway to manage Schlage IP wireless locks, see Step 2: Configuring Gateways for IP
Wireless Locks on page 283. To add a SALTO server and panel to manage SALTO doors, see Step 1:
Connecting to a SALTO Server on page 302. To add a Door Server Router (DSR) panel to manage
ASSA ABLOY IP-enabled locks, see Step 1: Configuring a Door Service Router for IP Locks on
page 313.
Panel Migration
Migrate panel models without reprogramming their settings and reduce system downtime.
b. Click .
2. Reset the panel after changing the panel model.
For more information, see Resetting Doors Connected to a Subpanel on page 178.
Adding Panels
Panels connect door controllers and their readers to the ACM appliance. Adding a panel to the ACM system
allows the appliance to gather information on the connected doors.
Tip: To add a gateway to manage Schlage IP wireless locks, see Step 2: Configuring Gateways for IP
Wireless Locks on page 283. To add a SALTO server and panel to manage SALTO doors, see Step 1:
Connecting to a SALTO Server on page 302. To add a Door Server Router (DSR) panel to manage
ASSA ABLOY IP-enabled locks, see Step 1: Configuring a Door Service Router for IP Locks on
page 313.
Name A unique name for the panel. Choose a name that will help you identify the devices it
controls. Duplicate names are not allowed.
Partitions Displayed for a partitioned ACM appliance only. To restrict operator access to the
item, select one or more partitions. To allow all operators access to the item, do not
select a partition.
Enable Large Encoded Card Format: For all types of Mercury controllers other than
the LP4502 model with the pivCLASS with external PAM. See Appendix: pivCLASS
Configuration on page 529.
Embedded Auth: For LP4502 model only. See Appendix: pivCLASS Configuration
on page 529.
Timezone: The local time which the panel operates in for door schedules and other
time-based configuration.
Wiring Type: For SCP models only. The type of port the panel uses to connect to door
or subpanels.
For SCP-2 and SCP-E models, enter:
l (4) 2-Wire Ports
l (2) 4-Wire Ports
l (1) 4-Wire/(2) 2-Wire
For SCP-C model, enter:
l (2) 2-Wire Ports
l (1) 4-Wire Port
Total Memory: For SCP-2 and SCP-E models only. The total memory the panel
contains.
Max Elevator Floors: For SCP models only. The number of floors the panel oversees.
Up to 128 floors can be specified. For more information on defining elevator door
access, see Managing Elevator Access on page 132.
Allocate space :
Credentials: The number of credentials that can be stored in the panel. The number
is dependent on the memory, vendor and model of the panel.
Events: The number of transactions to buffer in the panel. The number is dependent
on the memory, vendor and model of the panel.
Version: The current version of the database.
Installed If selected, the panel is installed and ready to communicate with the ACM appliance.
See also:
l Deleting Doors on page 212
Note: You can add any Mercury panels that use the same protocol.
3. After all subpanels have been added to the system, select the Subpanels tab and click in the Installed
Mercury internal subpanels on the EP1501, LP1501, EP1502, LP1502 and LP4502 models do not have an
address that can be changed.
After you save a new Mercury panel, you are prompted to use the Subpanel: Batch Create wizard. The wizard
lets you create identically configured doors on many types of subpanels, as well as groups of doors
configured differently on the same type of subpanel, and to name all the doors all in a single session.
The wizard lets you quickly create many subpanels and doors at once. The optional wiring templates allow
you to give your subpanels standard configurations for inputs, outputs and doors. Doors will only be created
when they are defined in the selected wiring templates. These templates must be configured before the
wizard can use them to create functioning subpanels and doors. The more you standardize doors, readers,
outputs, inputs, and panel wiring, the fewer templates you need. Some sample templates are provided. For
more information, see Templates Overview on page 142.
The wizard is only available when you create a new Mercury panel. Its use is optional. You can cancel out of
the wizard and the panel is still saved. However, you will have to configure all of your subpanels and the
doors, readers, outputs, and inputs to each subpanel individually.
Important: To bulk add door subpanels when adding a new Mercury panel, you must use a door
template that has a value specified for Door Mode. Before using the Subpanel: Batch Create wizard,
ensure that a door template for the door subpanel type has been configured. Door templates without
a Door Mode specified are not available for the wizard to use.
1. Batch Create: Add a row for each type of subpanel that uses the same wiring template. In each row,
identify the subpanel type, the base name shared by all subpanels, the number of subpanels, and the
wiring template to use. You can only add as many subpanels as the panel can support. You can only
select a wiring template that supports that subpanel type. You can use the wizard to create
unpopulated subpanels by not specifying a wiring template.
2. Batch Edit: A row is displayed for each subpanel to be created. All the values can be changed. If you
change the subpanel type, you also have to change the wiring template. You can also add more
subpanels, up to the maximum supported by the panel.
3. Batch Name Doors: Edit the default door names for any door to conform to your site's standard
method for identifying doors (such as room numbers or names).
or
Batch Create Summary: If no doors are configured for the subpanel, review the details.
Each step is completed on its own page. Checks are made as you enter data to ensure that you enter only
valid data for the panel and subpanels, and do not overpopulate the panel. The subpanels are created when
you click Save after completing the third step.
Tip: After you have configured new doors using templates, you must access each door, panel, or
subpanel to configure the unique settings that are not configured by each template.
Add a row for each differently configured subpanel connected to the new panel, up to the maximum
supported for that type of panel. Typically, this would be one row for each type of subpanel. In each row,
specify the type of subpanel, its base name, the number of subpanels to create, and the templates to use to
create them.
Note: An exception to this is the MS-ISC panel, which only supports two MS-ACS subpanels, with
addresses 0 and 2. You can add more than two MS-ACS subpanels to an MS-ISC panel on the first
page, but you must correct this on the Subpanel: Batch Edit Details page before you can proceed to
the Subpanel: Batch Name Doors.
Most controllers have a built-in subpanel. That subpanel will be automatically created as part of the batch add
process. You cannot delete it or change its type, name, quantity or address.
Column Description
Subpanel Type Select the subpanel model from the Select Model drop-down list. The selection is
determined by the panel model.
Subpanel Base Name The prefix used in the name of each subpanel. The default format is <panelName>-
<panelModel>. For example EastEntrance-LP2500. You can change this name.
Quantity Select the number of identically configured subpanels you want to add. The
number of available subpanels is updated as new rows are added.
Important for users of templates created in releases prior to ACM Release 6.0:
If you select a template that supports doors that has no doors associated with it,
the Selected template has no door profiles warning message is
displayed. This warning usually occurs for wiring templates created prior to ACM
Release 6.0 that have not been modified to associate them with doors. You can
choose to continue (and no doors will be created by the wizard) or edit the
template. To edit the template, click the Edit Template button that is now
displayed .
Edit the details for all of the subpanels you added for the new panel. You can also continue to add and
remove subpanels up to the maximum supported by the panel.
Column Description
Address The port address on the panel to which the subpanel is connected. If there
are addresses available, you can add and reorder the addresses. New
subpanels are always added to the first available address.
Note: The MS-ISC panel only supports two MS-ACS subpanels, with
addresses two 0 and 2. If you added more than two MS-
ACS subpanels to an MS-ISC panel on the first page, you must
correct this here before you can proceed to the Subpanel: Batch
Name Doors.
Subpanel Type You can change the subpanel type. After you make your selection, the row is
updated to prompt you for the information needed to create the subpanel.
Subpanel Name The name of each subpanel. The default name is the subpanel address
appended to the Subpanel Base Name: <panelName>-<panelModel>-
<subpanelAddress>. For example EastEntrance-LP2500-0. You can change
this name.
Wiring Template Select the template from the Select Wiring Template drop-down list. The
selection is determined by the subpanel type.
Click Next.
If there are any doors to configure (because wiring templates with door configurations were selected), they
can be named on the Subpanel: Batch Name Doors page that is displayed. Otherwise the Subpanel: Batch
Create Summary page is presented. On both pages the settings you have configured on the previous pages
are displayed for your review before the subpanels are created.
On the Subpanel: Batch Name Doors, default names for each door are displayed for each door subpanel
being added to the panel. You can edit the door names to match the door-naming standard for your site
before the subpanels are created.
Click Save to create the subpanels and doors and return to the Panel: Edit page. To access the subpanels
you created, click the Subpanels tab.
1. After you save the new panel, the Subpanel: Batch Add page is displayed.
2. Select the number of each subpanel model that is installed at each port then click .
The HID Panel Configure page is displayed.
3. Select the Host tab.
4. Enter the IP address for this panel.
1. After you save the new panel, the Subpanels: Batch Create page is displayed.
Note: The listed subpanel models will be different depending on the Mercury panel model
that was selected on initial Panel Add page.
3. Click Save.
The Mercury Security Panel Edit page is displayed.
4. Select the Host tab.
5. Enter the IP address for this panel.
Subpanel Fields
For Mercury Security, HID VertX, Schlage ENGAGE gateway (RSI mode) and ASSA ABLOY doors.
Note: Fields in this list are dependent on the door or device. Some commands or fields are not
supported for all doors or devices.
Editing Panels
To edit an existing panel, select the type of panels that you have installed.
This read-only page displays a table that lists the card formats used on all the doors connected to that panel.
Although the ACM system allows you to define up to 128 card formats system-wide, only 16 card formats can
be used within a single panel.
You can use this table to identify the doors that use each card format. Each row displays a card format in the
Card Formats column, and displays a drop-down menu that displays the number of doors that recognize this.
Click on the drop-down menu bar to see the list of doors.
To avoid granting each individual a free pass, you can reset the anti-passback condition for the panel.
A confirmation message is displayed when APB is reset. Badge holders can return to their regular stations
and the system will resume normal operations.
Downloading Parameters
Any changes you make to the panel configuration or related events are automatically downloaded to the
panel daily. However, you can manually download the parameters to immediately activate the updated
configurations.
Downloading Tokens
Whenever you add new identities or update door access information in the system, the system automatically
downloads the new details to the panels and doors. However, if the auto-download is unsuccessful, you can
download tokens to the panel manually.
177
1. On the Panels list, select the panel you want to update.
2. On the Panel Status page, click Tokens.
The following table shows the equivalent Mercury Security panel for each supported Lenel panel.
For example, you have installed a Lenel LNL-1000 panel. As you complete the procedure to add the new
panel, you would select Mercury Security as the vendor and select the SCP-2 as the model.
Since the SCP-2 and the LNL-1000 use the same parameters, the ACM appliance can communicate with the
panels in the same way.
Note: For IP wireless locks, a firmware update is applied to all locks of the same type
managed by the gateway (for example, NDE locks but not LE locks). For offline Wi-Fi locks, a
firmware update is applied to the single selected lock.
Note: If you click , the Identity Import Type: will be set to Auto and any
attached CSV files will be deleted.
e. On the Firmware list, click next to the firmware file to apply it to the panel.
l Delete an existing firmware update, click next to the firmware file. Click OK to confirm the
operation.
SALTO Panel Status
On the Panel: Status tab, see:
The communications status between the SALTO server and ACM appliance. The
current status of the device is indicated by the background color. For more
information, see Status Colors on page 46.
Server Time/Date The date and time of the last import from the SALTO server to the ACM
appliance.
Language Code The language code used.
Protocol Version The SALTO Host Interface Protocol version.
See also:
l Step 3: Syncing Doors with the SALTO Server on page 304
l Downloading All Tokens on page 310
SALTO Panel Configuration
On the Panel: Edit Configure tab, see:
See also:
l Step 2: Configuring the SALTO Server on page 303
Deleting Panels
Deleting a panel removes the connection between the ACM system and the panel.
2. Click at the end of a row in the Panels table and then click Delete.
3. When the confirmation message appears, click OK.
Configuring Subpanels
Some panels support hierarchical connections. One panel can be connected to a large number of specialized
subpanels, and the subpanels transmit their data to the ACM appliance through the panel.
Adding a Subpanel
Single subpanels can be added to a predefined panel. Gateway and hub subpanels can be added for wired
and wireless locks.
Note: Schlage PIM400, RSI-based ENGAGE Gateway, AD300; Assa Abloy Aperio; and SmartIntego
GatewayNode subpanels can only be added one at a time to a Mercury panel. To batch add other
supported subpanels, see Batch Creating Subpanels on a New Mercury Panel on page 171.
Note: Fields in this list that are not supported by the subpanel or gateway are not displayed.
Editing Subpanels
To edit an existing subpanel:
l
To edit the readers connected to the subpanel, click for that subpanel.
5. On the following listing page, select the specific device you want to edit.
6. Make the required changes to the device edit page.
Inputs
Inputs are associated with panels or doors and can include:
l Motion sensors
l Door contacts
l Smoke detectors
l REX (request to exit) buttons
l Perimeter and fence alarms
l Break glass window sensors
l Crash bars
l Capacitance duct sensors
l Device tamper switches
The state may change according to several actions, including entry of a proper code or card, or operator
override.
By choosing the Operating Mode option when editing an output, you can set one of the following options to
define how the output behaves when it is active:
Feature Description
Energized When An electrical current is expected to pass through the output point when it is active.
Active
Not Energized An electrical current is expected to pass through the output point when it is not active.
When Active
Outputs
Outputs are devices that perform tasks in response to input data. This includes unlocking a door, setting off a
fire alarm, activating an elevator or turning off air conditioning. Output devices include:
l Strikes
l Magnetic locks
l Fire alarms
l Klaxons
l Motors of any sort
l HVAC
In general, these devices are activated by door controllers, panels, or subpanels that use relays to initiate
activation. Output devices can have one of the following states:
l On (energized)
l Off (de-energized)
l Pulse (intermittently on and off)
Locks (in general) and strikes (specifically) come in several varieties that support a locked state that is either
energized or de-energized, with a default state that is either locked or unlocked. This is for safety reasons. In
the case of power outages and emergency shutdowns, many doors must 'fail open', meaning that they unlock
whenever the power goes off, allowing people to exit an area. Other doors, such as bank vaults and secured
areas, must 'fail close', meaning that a de-energized state requires the bolt to remain in place. For more on
this, refer to Configuring Doors on page 199 and Configuring Panels on page 167.
Many outputs, such as sliding doors, alarms or warning lights need to be turned on and off. In order to do this,
relays on many panels also provide a pulse feature that energizes the output for a specified amount of time
then de-energizes the output for a specified amount of time.
Doors and other outputs can be activated by the user following a successful card or code entry. Alternatively,
the operator can override normal operation or control the output on the Subpanel Status page.
Deleting Subpanels
To disable communication between a panel and external subpanel, you can delete the subpanel from the
system.
Configuring Locks
To use locks with built-in card or PIN readers, add the related wireless lock subpanel to the system then add
the lock hardware as part of a door. The readers can be either wired or wireless, depending on the lock.
Supported Devices
After the locks with built-in card, PIN or fingerprint readers are installed and configured according to vendor
instructions, ensure the physical configuration matches the configuration in the ACM application as follows.
The readers can be either wired or wireless, depending on the lock.
Note: To support the devices that connect to the LP series hubs, install the applicable LP_nnnn_1_
30_0_662_FS_2_23.crc firmware versions.
Wired locks
Wireless locks
*Aperio Wiegand devices and Wiegand hubs (1 device to 1 hub) are not managed in the ACM system.
SimonsVoss series
Up to 32 gateways on Port
4 for EP1502, EP2500 and
MS-ICS.
Each subpanel is
connected over an
Ethernet network
using TCP.
The wireless lock assembly is installed directly to the door and communicates with the Aperio Hub subpanel
wirelessly.
The wireless lock assembly is installed directly to the door and communicates with the PIM400 subpanel
wirelessly.
Note: Ensure the wireless locks are installed according to Schlage installation instructions.
Note: This is the only lock function supported for the RSI-connected NDE series lock.
l Office — The lockset is normally secure. The inside lever always allows free egress. An interior
push-button on the inside housing may be used to select a passage or secured status. Meets
the need for lockdown function for safety and security. Valid toggle credentials (i.e. a valid card
that is swiped twice within five seconds) on the exterior may also be used to change status. Not
to be used on mortise deadbolt.
Note: A Restore door action is available on the Door listing page and the Hardware Status
page which resets the Door Mode to its default value.
8. Customize all other door settings to meet your system requirements and save your changes.
Note: Ensure the wireless locks are installed according to Schlage installation instructions.
e. Click to save.
2. Add the required subpanels to the new panel:
l
If using only ENGAGE Gateway subpanels, select the Batch Add option and click .
Note: Make sure the ENGAGE Gateway subpanel configuration matches the physical
gateway.
l If using both Gateway and non-Gateway subpanels, enter the correct number of Gateway
subpanels and/or PIM400s on the Subpanel: Batch Add page (do not select any other panels at
d. Click to save.
3. Create a door for each wireless lock assembly.
For more information, see Adding Doors on page 225.
4. For each door, select the corresponding Mercury Security panel, ENGAGE Gateway subpanel and
door number that is assigned to the wireless lock assembly.
5. On the door Parameters tab, set the Lock Function for the wireless locks. The options are:
l None: Use the system default door settings.
l Privacy: When the interior lock button is pressed, the door will lock and the exterior lock will not
grant access to any token. To unlock the door, the interior lock button must be pressed again or
exit the room.
l Apartment: Use the interior lock button to toggle between locked and unlocked. When the
door is locked, any valid token will open the door. The door must be manually locked or it will
stay unlocked.
l Classroom — Classroom/Storeroom — The lockset is normally secure. The inside lever always
allows free egress. Valid toggle credentials (i.e. a valid card that is swiped twice within five
Note: This is the only lock function supported for the RSI-connected NDE series lock.
l Office — The lockset is normally secure. The inside lever always allows free egress. An interior
push-button on the inside housing may be used to select a passage or secured status. Meets
the need for lockdown function for safety and security. Valid toggle credentials (i.e. a valid card
that is swiped twice within five seconds) on the exterior may also be used to change status. Not
to be used on mortise deadbolt.
Note: A Restore door action is available on the Door listing page and the Hardware Status
page which resets the Door Mode to its default value.
6. Customize all other door settings to meet your system requirements and save your changes.
Note: Ensure that the wireless locks have been installed in line with Schlage's installation
instructions.
1. Add a Mercury EP2500 or EP1501 (with downstream) panel to the ACM system:
a. Select Physical Access>Panels.
b. Click .
c. Enter the Name, Vendor and Model.
d. Select Installed.
e. Click to save.
Note: You will still need to manually make sure that the ENGAGE Gateway has
matching configuration as the physical gateway.
l both Gateway and non-Gateway subpanels, then enter the correct number of Gateway
subpanels and/or PIM400s on the Subpanel: Batch Add page (do not select any other panels at
Note: There is a Restore door action available on the Door listing page and the Hardware
Status page which resets the Door Mode to its default value.
6. Customize all other door settings to meet your system requirements and save your changes.
Ensure that the wireless locks have been installed and configured according to the SimonsVoss installation
instructions. You must have:
l Configured the hostname, and optionally the IP address, or the MAC address in the SmartIntego
GatewayNode software. For more information, refer to the SimonsVoss documentation for the
SmartIntego GatewayNode software.
Note: To use the MAC address of the wireless lock, the hostname must be configures in the
format MAC<nnnnnnnnnnnn>, where nnnnnnnnnnnn is the MAC address without any colons.
For example, the hostname for a lock with MAC address 12:34:56:78:9A:BC is entered
MAC123456789ABC.
l Identified the hexadecimal address for each SmartIntego GatewayNode and each wireless lock before
you can connect them to the ACM software. This information is available from the SmartIntego Tool as
shown in the figures below. In these examples:
o 0X0011 is the hex address for the SimonsVoss GatewayNode. Enter this value in the Address
field for each SmartIntego GatewayNode in the ACM software (Physical Access > Panel >
Subpanel).
0X0016 is the hex address for the SimonsVoss wireless lock. This is the value entered in the
Door Number field for each SImonsVoss lock in the ACM software (Physical Access > Doors
> Add Door).
Figure 3: The SmartIntego GatewayNode hexadecimal address in the SmartIntego Manager screen of the SmartIntego Tool.
Figure 4: The SmartIntego lock hexadecimal address in the SmartIntego Manager screen of the SmartIntego Tool.
Prerequisites 192
Note: The SmartIntego Tool software and the SmartIntego GatewayNode software are not
supported on Microsoft Windows 10.
Configuring Doors
To configure a door with a SmartIntego wireless lock in the ACM software, use the following steps:
e. Click to save.
2. Optionally, on the Subpanel: Batch Add panel, enter the number of SmartIntego GatewayNode
subpanels. you want to add using the Batch Add option and click .
3. Click on the Subpanels tab to open the Subpanel page.
4. Open each SmartIntego GatewayNode subpanel and enter the following:
l Port—Select Network and select Installed.
l Enter at least one of the following
o IP Address
o MAC Address
o Hostname
l Address—enter the hexadecimal address for the SmartIntego GatewayNode.
Each SmartIntego GatewayNode subpanel manages up to 16 wireless doors.
Note: You will still need to manually make sure that the subpanel configuration matches the
physical gateway
5. Create a door for each wireless lock assembly. Ensure you specify Mercury Security as the vendor.
For more information, see Adding Doors on page 225.
6. On the Parameters panel for each door, ensure that you do the following:
l Vendor — Select Mercury Security
l Panel — Select the panel that is connected to the SmartIntego GatewayNode for the door.
l Subpanel — Select the subpanel for the SmartIntego GatewayNode that is connected to the
door.
l Door Number — Enter the hexadecimal address for the SmartIntego wireless lock assembly.
8. Customize the other door settings to meet your system requirements and click .
The ACM system and the SmartIntego GatewayNode subpanel should now connect and the door should be
Troubleshooting
Door Status
After the door is operational, certain conditions of the SimonsVoss wireless lock that change the door status
are not always immediately reported to the ACM system. As a result, the door status reported in the ACM
client may not always accurately reflect the actual status of the of the door.
l If you uninstall the door and then reinstall it in the ACM system, the connection between the
SmartIntego GatewayNode subpanel and the SimonsVoss lock is not interrupted. However, the
reinstalled door will appear offline to the ACM system until the SmartIntego GatewayNode subpanel
polls the SimonsVoss lock. This poll happens once every 12 hours, so you may have to wait as long as
12 hours. During this period, the door will function normally but the ACM system will not receive any
events from the door.
l After a power outage to the SmartIntego GatewayNode subpanel, an accurate door status will not be
seen in the ACM system until after the SmartIntego GatewayNode subpanel is online and polling of all
the SimonsVoss doors connected to that subpanel has completed. The time it takes for the subpanel
to come online and start polling can be variable.
l If the batteries in the SimonsVoss lock are depleted or removed, an accurate door status will not be
seen in the ACM system until after 24 hours have elapsed since the last battery status report was
received from the wireless lock. It could take up to 24 hours after battery power has been lost before
the status is correctly reported. Meanwhile, commands can be sent to the door, but nothing happens.
Note: The ACM lockdown priority operation is superseded by the Escape and Return state of the
SimonsVoss wireless lock when it becomes engaged in a lockdown situation.
Macros
Macros are commands, or sequences of commands, that can control the activity of devices connected to a
door, panel, or group of panels.
Troubleshooting 195
Macros can be extremely simple, such as turning out lights or masking an input. Or, they can be sophisticated
multi-step procedures. For example, you can define a macro that closes down the air conditioning system,
unmasks the alarms, locks all the doors connected to a panel, turns out the lights, then emails the operator for
more instructions.
All doors (not limited to Mercury Security) support simple macros. Simple macros are triggered by a single
door event and activate one output in response. For more information, see Adding Simple Macros on
page 211.
Adding Macros
To apply this macro to a specific situation, see Assigning Macros on the next page.
To create quick macros that are specific to a particular door (simple macros), see Adding Simple Macros on
page 211.
Editing Macros
Deleting Macros
3. On the Macros page, click for the macro you want to delete.
4. When the confirmation message appears, click OK.
Assigning Macros
Once you have created a macro, you can assign them to specific triggers or other macros so that they can
automatically perform a series of actions under the right conditions.
When you add a trigger to a panel, assigning a macro is part of the process. Triggers and macros work
together as a cause and effect pair. When the all the triggering conditions are met, the macro is automatically
initiated.
1. Add a macro. For more information, see Adding Macros on the previous page.
2. Add a trigger. For more information, see Adding Triggers on the next page.
3. In the Trigger Add page, assign the new macro to the trigger.
4. Click .
You can activate a macro as part of a macro command to generate a complex series of actions.
1. Add a macro. For more information, see Adding Macros on the previous page.
2. When you add a new macro command, select Macro Control from the Command drop down list.
3. When the related options are displayed, select the macro you want from the Macro drop down list and
You can also assign a macro to a specific door by using the Simple Macro feature on the Door Operations
page. For more information, see Adding Simple Macros on page 211 and Operations tab (Mercury Security)
on page 256.
Sorting Macros
By default, when you add macro commands, the command actions are activated in the order they are added.
If you need to change the sequence of the macro commands, you can sort it into the order you want.
1. From the panel's Macros page, select the macro you want to sort.
2. On the following Macro Command list, click Sort. This button only appears if you have two or more
macro commands.
Each of the macro commands are highlighted in gray.
3. Click and drag the macro commands into the order you want.
4. Click Return when you are done.
Triggers
Triggers work with macros to generate a set of cause and effect events. Triggers are the specific sequence of
events that must occur before a macro will be activated.
For example, you might define a trigger to be a tamper alarm issued by a specific subpanel. The macro linked
to that trigger will then automatically lock the door associated with that panel and sound the alarm.
Triggers are usually defined through the Triggers page on a specific panel or subpanel properties sheet.
Adding Triggers
1. Select Physical Access > Panels.
2. Click the name of the panel that you want to add a trigger to.
3. On the Triggers page, click Add New Trigger.
4. Enter all the parameters that are required of the trigger.
Deleting Triggers
1. Select Physical Access > Panels.
2. Click the name of the panel that your trigger is on.
3. On the Triggers page, click for the trigger you want to delete.
4. When you see the confirmation message, click OK.
Configuring Doors
Doors in the ACM system are logical units incorporating one or more components that are connected to a
panel.
These items do not need to be physically installed on a door, but should be included if they affect how the
door locks or opens.
The usual components for a door are a reader, a lock (usually a strike), and a contact (usually a door position
or DPOS) that reports the door state. Additionally you can have an exit button (request-to-exit or REX) on the
opposite side of the door from the reader, or a second reader if you want to control access in both directions.
The Door list refreshes to show the doors that meet your filters.
Controlling Doors
While you are monitoring the system, you may need to override the default door settings to allow a visitor
access to an area, or unlock a door in an emergency situation. From a Doors listing page in Physical
Access or Monitor > Dashboard, use the Door Action, Door Mode, Forced, Held, and Installed drop-down
menus to control doors.
Doors can also be controlled from Monitor > Maps. For more information, see Using a Map on page 452.
Note: Only the Installed options are available for virtual doors installed for use with ACM Verify
readers.
1. Select the checkbox for each the door you want to control.
Or click All at the top of the left column to select all doors or None to deselect all doors.
2. For one or more doors, select a Door Action if required:
Note: The door actions below are not applicable for Schlage offline Wi-Fi doors or SALTO
standalone doors. Only Grant is applicable for Schlage Control™ locks. Only Unlock and
Locked No Access are applicable for Von Duprin remote undogging (RU) devices. Locked No
Access and Disable are not applicable for ASSA ABLOY battery-powered and external-
powered doors.
Adding Doors
To add a new door:
Note: Doors cannot be manually added for Allegion offline Wi-Fi locks, SALTO doors and
ASSA ABLOY IP doors. For information about adding doors and associated panels, see
Step 2: Setting Up Communication to Offline Wi-Fi Locks on page 293, Step 3: Syncing Doors
with the SALTO Server on page 304 and Step 2: Syncing Doors with the Door Service Router
on page 314, respectively.
Note: Fields in this list are dependent on the door or device. Some commands or fields are
Name Up to 50 characters for the name of the door. See Appendix: pivCLASS
Configuration on page 529.
Alt. Name An alternate name for the door.
Location A short description of the door location.
Partitions Displayed for a partitioned ACM appliance only. To restrict operator access to the
item, select one or more partitions. To allow all operators access to the item, do not
select a partition.
Panel The panel that controls the door, the gateway that controls the IP-mode wireless
device or the offline Wi-Fi device, or the external server that the ACM appliance is
connected to.
Displays for a panel that is connected to a subpanel that controls readers, locks,
inputs and outputs; or a gateway that controls IP-mode wireless devices.
Subpanel: The name of the subpanel that is connected to the main panel or the
name of the gateway.
Door Number or Lock Number: The door number for wired connections or lock
number for wireless devices. For SimonsVoss wireless locks, use the hexadecimal
address assigned by the SmartIntego Tool.
Device Id: Displays for Aperio AH-40 Hub subpanel only. The Lock/Sensor identifier
from the Aperio programming application.
Displays for a Schlage ENGAGE Gateway.
Lock Model: The lock model from the vendor.
Linked Device: The ID or name of each externally commissioned IP wireless or
offline Wi-Fi device. For more information, refer to the commissioning process in
vendor documentation.
Displays for an ASSA ABLOY DSR.
Lock Type: The battery-powered or external-powered lock type from the vendor.
Serial Number: The serial number of the lock.
Appliance The ACM appliance that is connected to the door, gateway, hub or external server.
Vendor The manufacturer of the panel, gateway, offline Wi-Fi device or external server.
Installed Enables communication between the ACM appliance and installed device after
saving.
Note: Only this lock function is supported for the ASSA ABLOY IP
locks.
l Apartment: Use the interior lock button to toggle between locked and
unlocked. When the door is locked, any valid token will open the door. The
door must be manually locked or it will stay unlocked.
l Classroom — Classroom/Storeroom — The lockset is normally secure. The
inside lever always allows free egress. Valid toggle credentials (i.e. a valid
card that is swiped twice within five seconds) on the exterior may be used to
change to a passage or secured status. Not to be used on mortise deadbolt.
Interior push button not to be used.
l Office — The lockset is normally secure. The inside lever always allows free
Note: A Restore door action is available on the Door listing page and the
Hardware Status page which resets the Door Mode to its default value.
Always Mask Forced: If selected, Door Forced Open alarms at the door are always
masked.
Always Mask Held: If selected, Door Held Open alarms at the door are always
masked.
Custom Mode: Another door mode that is supported by the gateway.
Custom Schedule: Displays for an IP-connected door (LE, LEB, NDE, NDEB series
lock) if the Card Only door mode is selected, or IP-connected RU device if the Locked
No Access door mode is selected. A predefined time when Custom Mode becomes
active. Never Active is OFF. 24 Hours Active is ON.
For Avigilon, enter:
Station Type: Default is ACM Verify station, which is used on connected devices. A
device that uses this station type of station is called an ACM Verify Station.
Managed: If selected, ACM Verify Station requires the user to grant or deny access
to the person entering a valid PIN code. It also displays the name and picture of the
user for verification.
UnManaged: If selected, ACM Verify Station automatically grants or denies access
and does not provide additional information when a PIN code is entered.
Geographic Timezone: The time zone where the ACM Verify device is located if it is
different from the time zone of the ACM appliance.
Into Area: The area that the badge holder enters by passing through the door and
where the ACM Verify Station is used, or not, to monitor access to the area. You must
specify an area if you want the virtual station to list all the people who have entered
the area.
Station Authentication: The method of authentication on the ACM Verify device.
Login specifies that the user log in to the ACM software using the ACM URL from the
browser on the ACM Verify device. Paired specifies that the ACM Verify is paired to
the ACM system. If the authentication type is Paired, the Door Add page refreshes
and displays the Add Paired Device button.
Note: In many cases readers in offline mode require a very simple solution
for entry or exit because of the memory limitations. The recommended
Offline Door Mode option is Locked No Access.
Custom Mode: Another entry mode that is supported by the door module in addition
to Door Mode and Offline Door Mode options.
Custom Schedule: When the Custom Mode becomes active. Never Active is OFF. 24
Hours Activeis ON.
Masked Forced Schedule: A predefined time when Door Forced Open alarms from
the door will be masked.
Masked Held Schedule: A predefined time when Door Held Open alarms from the
door will be masked.
Always Mask Forced: If selected, Door Forced Open alarms at the door are always
masked.
Always Mask Held: If selected, Door Held Open alarms at the door are always
masked.
Log Grants Right Away: Initiates local I/O in the panel using the panel triggers. The
system logs an extra event as soon as a grant occurs (that is, before entry / no entry
is determined). This event is not turned into an Access Control Manager event.
Certain customers may have a trigger they want to fire (to execute a macro) as soon
as there is a grant but before entry / no entry is determined.
Log All Access as Used: Logs all access grant transactions as if the person used the
door. If this field is not selected, the door determines if it was opened and
distinguishes if the door was used or not used for grant.
Detailed Events: Displays the current position of the door position switch (DPOS) in
the Door State column of the door listing screen. When enabled the column displays
“Open” when the DPOS is in an open state and “Closed” when the DPOS is in a
closed state.
Note: To properly report the Door State from the Door Position Switch,
Detailed Events must be enabled.
Typically, five to ten detailed transactions are generated for each grant transactions.
During the normal course of operation, most guards don't need to see extensive
reports on events; however, after hours, it is often useful to see every detail.
Do Not Log Rex Transactions: Indicates that request-to-exit transactions do not get
logged to the database.
Note: This is the only attribute supported for offline Wi-Fi locks.
Note: This field must not be checked for the SimonsVoss wireless lock, such
as cylinders, on a door that does not support a door position switch (DPOS).
Require Two Card Control: Two tokens are required to open this door. This enforces
the two-person rule at a specified door.
Door Forced Filter: : Filters door-forced alarms. Sometimes a door is either slow to
close or is slammed shut and bounces open for a few seconds. With this filter, the
monitor allows three seconds for a door to close before issuing an alarm.
Log All Access as Used: Logs all access grant transactions as if the person used the
door. If this field is not selected, the door determines if it was opened and
distinguishes if the door was used or not used for grant.
Detailed Events: Displays the current position of the door position switch (DPOS) in
the Door State column of the door listing screen. When enabled the column displays
“Open” when the DPOS is in an open state and “Closed” when the DPOS is in a
closed state.
Note: To properly report the Door State from the Door Position Switch,
Detailed Events must be enabled.
Typically, five to ten detailed transactions are generated for each grant transactions.
During the normal course of operation, most guards don't need to see extensive
reports on events; however, after hours, it is often useful to see every detail.
Enable Cipher Mode: Enables the operator to enter card number digits at the door’s
keypad.
Use Shunt Relay:Enables the use of a shunt relay for this door.
Do Not Log Rex Transactions: Indicates that request-to-exit transactions do not get
logged to the database.
5. Click to add the door. Once saved the page becomes the Door: Edit page. If a door template was
used, the fields on the Parameters and Operations tabs are entered.
6. To edit door configuration, see Editing Doors on the next page. To edit lock configuration, see
Step 3: Configuring IP Wireless Devices on page 284.
l Parameters: Edit access type, processing attributes, lock functions, and other options.
l Operations: Displays for HID VertX, Mercury Security, Schlage wired and RSI wireless locks,
and ASSA ABLOY IP locks only. Edit simple macros, accepted card formats and other options.
l Hardware: Displays for HID VertX, Mercury Security, and Schlage wired and RSI wireless locks
only. Edit reader, door position, strike and request to exit (REX).
l Elev: Displays for Mercury Security only. View elevator door details.
l Cameras: Add or remove associated cameras.
l Interlocks: Displays for Mercury Security only. Sets interlocks.
l Events: View and edit door events.
l Access: Does not display for RU and RM exit devices. View access groups, roles and identities
that have door access.
l Transactions: View door transactions.
Editing Doors
A door can be edited after its initial configuration. For example, you may need to change the access type or
door mode to reflect changes on your site.
Deleting Doors
To delete a door:
Note: SALTO doors only. When doors are deleted in the ACM system, the corresponding
doors in the SALTO system are not deleted. At the next manual sync in the ACM system, the
door will display as a new uninstalled door.
Door Modes
Note: Fields in this list are dependent on the door or device. Some commands or fields are not
supported for all doors or devices.
For Mercury Security and HID VertX panels. The same list of options is provided for the Offline Door Mode
option.
For ASSA ABLOY IP-enabled doors, SALTO standalone doors and Schlage offline Wi-Fi doors. Any locks that
do not support real-time communication with a server, will not display door mode options on the Doors list
page and maps. Door mode can be set on the Door: Edit page and by using a batch job (specification).
All employees share a single code. This option can be useful in offline
situations, when the door controller is no longer communicating with the
Access Control Manager host.
Card Only The door can be accessed using a card. No PIN is required. To support the
selected Assurance Profile for a pivCLASS configured door, it is
recommended to set the Door Mode to Card Only.
Mercury door only. The type of reader used to read this card is determined
in the Reader Type field.
No card is required.
Note: This door mode is not available if the 'Allow duplicate PINs'
option has been selected on the System Settings - General page.
Card and Pin The door can only be accessed using both a card and a PIN.
ASSA ABLOY IP door only. If the token does not have a PIN, the door can
be accessed by swiping the card only.
Card or Pin The door can be accessed either by entering a PIN at a keypad or by using
a card at the card reader.
Note: This door mode is not available if the 'Allow duplicate PINs'
option has been selected on the System Settings - General page.
Office SALTO door only. The lock allows the cardholder to leave the lock open.
To use this mode, the cardholder presents the key to the door while
pressing down the inner handle and repeats the procedure to undo the
mode.
Toggle SALTO door only. The door allows the cardholder to toggle between
leaving the lock open and closing it by presenting the assigned key (there
is no need to press down the inner handle).
To use this mode, the cardholder presents the key to leave the lock open
and repeats the procedure to close it.
Keypad Only SALTO door only. The door can only be accessed by entering the shared
keypad code at a keypad. If selected, Keypad Code is displayed. You can
enter up to 8 digits.
First Person Through ASSA ABLOY battery-powered or external-powered door only. The first
person who is granted access to the door will unlock the lock.
Exit Leaves Open SALTO door (not connected to control unit) only. The door is unlocked
when the inner door handle is pressed. Allows the cardholder to exit and
return to the building without using an assigned key during an emergency
(referred to as Escape and Return mode).
To lock the door, add a global action to set a time limit on the open door.
Toggle and Exit Leaves Open SALTO door (not connected to control unit) only. The door allows the
cardholder to use either the Toggle or Exit Leaves Open door mode during
an emergency (referred to as Escape and Return mode).
Note: The options may be different depending on the type of panel that is connected to the door.
Feature Description
Single This is a door with a reader/keypad on only one side, normally entry only.
Paired This indicates that this door possesses a reader/keypad on both sides, entry and exit, and that
Primary this side is the Primary.
If you select this option, the Paired Door option is automatically displayed for you to specify
the other reader that is installed on the door.
Paired This indicates that this door possesses a reader/keypad on both sides, entry and exit, and that
Replica this side is the replica.
If you select this option, the Paired Door option is automatically displayed for you to specify
the other reader that is installed on the door.
Elev no This door is an elevator with no feedback input.
feedback
Elev This door is an elevator with a feedback input.
feedback
Anti-Passback
The anti-passback (APB) feature can be configured to log or prevent a card from being re-used to access the
same area unexpectedly.
For example, the same card cannot be used to enter the same room twice in a row. If a badge holder enters a
room then passes the card to another potential badge holder to reuse the card at the same door, an APB
error is logged and may be configured to prevent the second badge holder from entering.
Another example is when an access card is also required to exit. If a badge holder holds open a door for
another person, the second person would not be able to exit even if they have an access card because the
system requires the badge holder to log an entrance in the system before they can exit.
Anti-Passback Modes
When you select the Operations tab on the Door Edit page, one of the options is APB Mode.
Anti-Passback (APB) requires that a user must enter and exit a room before they may enter another room. For
example, the typical user of a parking lot would normally swipe their card at the “in” reader to enter the lot
and swipe it at the “out” reader to exit the lot. However, if a user swipes their card at the “in” reader then
passes their card back to a friend, the card would be denied access the second time when it is swiped by the
friend.
To track anti-passback, a card reader must be installed on both the inside and the outside of the door. Users
Note: The APB modes may be different depending on the panels you have installed.
Mode Description
No APB is not used.
Selection
Door- Allows you to configure APB with just one reader. The door keeps track of each badge that
Based enters and does not allow the same badge to enter twice in a row until after the APB time limit is
Timed
reached.
APB
Make sure you specify an APB time limit in the APB Delay field. Do not configure the area
entering or area leaving setting for the door.
Token- Tracks each door a badge has accessed. After the badge has accessed one door, it must access
Based a second door or wait until the APB time limit is reached before it may access the first door
Timed
again.
APB
Make sure you specify an APB time limit in the APB Delay field. Do not configure the area
entering or area leaving setting for the door.
Hard Tracks each badge that enters a door and does not allow the same badge to enter twice in a
Door APB row. This badge will not be able to enter through the same door until it has accessed a second
door.
Hard Area Tracks each badge that enters a specific area and defines which areas the badge may access
APB next. The badge is denied access if it tries to access an undefined area. If the badge is used to
access an area that a person is already in, the badge is denied access and an APB violation is
logged.
Make sure you configure the area entering and area leaving setting for the specified door.
Note: The Don't Care setting is not applicable to the Out of Area and Into Area fields. In
addition, this mode is not used across multiple controller panels.
Soft Area Tracks each badge that enters a specific area and defines which areas the badge may access
APB next. The badge is allowed to access the area, but the access is logged as an APB violation.
Make sure you configure the area entering and area leaving setting for the specified door.
Timed Time-based hard area APB. When the time limit expires, the hard area APB becomes a soft area
Area APB APB. If a person leaves the area by going through a door marked Out of Area, the APB will be
reset.
Make sure you configure the area entering and area leaving setting for the specified door.
Setting Up Anti-Passback
Before you begin, consider what type of anti-passback (APB) mode that you need for each situation. For more
information, see Anti-Passback Modes on page 215.
To use the APB feature, you must set up at least two doors in ACM: one to represent the entrance and one to
represent an exit.
Note: Two-person minimum occupancy is supported on an installed door that uses Mercury panels
and controller firmware 1.29.1 or later.
An area with 2-Person Control enabled in ACM (see Safe in the following example) will enforce a two-person
occupancy minimum in the area. This means that the first access requires two people to swipe their cards
before they can access the area. Any subsequent access requires only one person to swipe their card. When
leaving the area, the last two people need to swipe their cards in order to exit.
Adjacent lobby:
Lobby
For more information, see Adding Areas on page 319 and Editing Areas on page 319
2. Add two doors in ACM to represent the single Mercury Security door.
Example:
Door representing the entry into the two-person minimum occupancy area:
Name Installed Access Type APB Mode Into Area Out of Area
Hardware tab:
Door representing the exit from the two-person minimum occupancy area:
Operations tab:
Name Installed Access Type APB Mode Into Area Out of Area
Hardware tab:
Safe Exit DPOS (Subpanel:N Output:N) Safe Exit Strike (Subpanel:N Output:N)
For more information, see Adding Doors on page 225 and Editing Doors on page 211.
3. Add two or more identities and ensure their tokens are assigned. For more information, see Adding an
Identity on page 69 and Assigning Tokens to Identities on page 71.
If specified, APB Exempt applies to all defined areas.
4. To enter the two-person minimum occupancy area:
l If the area is empty, two people will need to swipe their individual cards to access the area. The
second card must swipe within 15 seconds of the first swipe.
l When the area contains two people, a swipe from a third person (and any subsequent swipe)
will allow access to the area.
5. To leave the two-person minimum occupancy area:
l If the area contains more than two people, a single swipe will allow them to exit the area until
only two people are left in the area.
l When the area contains only two people, both of them will need to swipe to exit the area. The
second card must swipe within 15 seconds of the first swipe.
For example, an employee uses his access card to unlock the office entrance but is distracted by another
employee before he opens the door. The two employees speak for several minutes, and the door
automatically locks after a set amount of time. When the first employee attempts to unlock the office door
again, this triggers an APB alarm and the employee is locked out. The employee contacts the security officer
and explains the situation, the security officer can grant one free pass to allow the employee back into the
office area.
1. Click Identities.
The Identities list is displayed.
2. From the Identities list, click on the name of the identity.
The Identities: Edit screen is displayed.
3. Select the Tokens tab.
4. Beside the 1 free pass button, select a door.
5. Click 1 free pass.
The badge holder can now enter the door without generating an new anti-passback alarm.
Global anti-passback is automatically implemented using APB mode. For more information about global anti-
passback modes, see Anti-Passback Modes on page 215.
Interlocks
An interlock is a mechanism that enables a specific event from one element of the system to trigger an action
at another element. Interlocks allow you to set up security routines like man-traps, prison entry points, and
automated building functions.
Adding Interlocks
1. From the Interlock list, click Add Interlock. For more information about how to access the different
Interlock Listing pages, see Interlocks on the previous page.
2. On the following Interlock Add page, add the required information.
Notice that as you select options, new fields are displayed to help you further define your
requirements.
Editing Interlocks
1. From the Interlock list, click the name of an interlock. For more information about how to access the
different Interlock Listing pages, see Interlocks on the previous page.
2. On the following Interlock Edit page, make the required changes.
Doors list
The Doors page lists of all the doors you are authorized to see and control. From this list you can control
doors, as well as add and delete doors, edit doors and their associated controller panels, and create
overrides to temporarily change the normal status of selected doors.
Note: Overrides can only be applied to installed doors on Mercury panels using controller firmware
1.27.1 or later.
Many facilities require the control and monitoring of dozens, even hundreds, of doors simultaneously. This
can result in a crowded listing page. You can search for specific doors to narrow the list of doors, filter the
columns for specific values, and create and save custom filters. You can then sort the results using any one
There are three groupings which are color-coded — Normal , Alarms , Masked :
Adding and deleting doors
l Click the Add Door button to define a new door. For more information, see Adding Doors on
page 225.
l Select doors in the list and click the Delete button.
Editing doors and panels:
l Click the link to the door in the Name column. For more information, see Editing Doors on page 211.
l Click the link to the panel in the Panel column.
Controlling doors:
Select doors in the list and then use the drop-down options from the control buttons at the top of the page to
All/None Use this toggle to select and deselect all the doors currently visible in the list. Or you
can use the checkbox to select individual doors.
Device status Displays the device status. Hover the mouse over the related icon to see more
details.
Note: The tamper icon only appears for OSDP readers, and reports whether
the reader is offline or has been tampered with.
Click on this name to open the Door: Edit page Parameters tab.
Panel The name of the panel to which this door is connected. Click on this name to open
the Panel: Edit page Configure tab.
Note: To properly report the Door State from the Door Position Switch, the
Detailed Events parameter must be enabled for the door. If this parameter is
not set for a door, edit the parameters for the door.
Door mode Indicates the door mode — the method by which the door is opened:
l Disabled
l Unlocked
l Locked No Access
l Facility Code Only
l Card Only
See Appendix: pivCLASS Configuration on page 529.
l Pin Only
l Card & Pin
l Card or Pin
Adding Doors
To add a new door:
Note: Doors cannot be manually added for Allegion offline Wi-Fi locks, SALTO doors and
ASSA ABLOY IP doors. For information about adding doors and associated panels, see
Step 2: Setting Up Communication to Offline Wi-Fi Locks on page 293, Step 3: Syncing Doors
with the SALTO Server on page 304 and Step 2: Syncing Doors with the Door Service Router
on page 314, respectively.
Note: Fields in this list are dependent on the door or device. Some commands or fields are
not supported for all doors or devices.
Name Up to 50 characters for the name of the door. See Appendix: pivCLASS
Configuration on page 529.
Alt. Name An alternate name for the door.
Location A short description of the door location.
Note: Only this lock function is supported for the ASSA ABLOY IP
locks.
l Apartment: Use the interior lock button to toggle between locked and
unlocked. When the door is locked, any valid token will open the door. The
door must be manually locked or it will stay unlocked.
l Classroom — Classroom/Storeroom — The lockset is normally secure. The
inside lever always allows free egress. Valid toggle credentials (i.e. a valid
card that is swiped twice within five seconds) on the exterior may be used to
change to a passage or secured status. Not to be used on mortise deadbolt.
Interior push button not to be used.
l Office — The lockset is normally secure. The inside lever always allows free
Note: A Restore door action is available on the Door listing page and the
Hardware Status page which resets the Door Mode to its default value.
Always Mask Forced: If selected, Door Forced Open alarms at the door are always
masked.
Always Mask Held: If selected, Door Held Open alarms at the door are always
masked.
Custom Mode: Another door mode that is supported by the gateway.
Custom Schedule: Displays for an IP-connected door (LE, LEB, NDE, NDEB series
lock) if the Card Only door mode is selected, or IP-connected RU device if the Locked
No Access door mode is selected. A predefined time when Custom Mode becomes
active. Never Active is OFF. 24 Hours Active is ON.
For Avigilon, enter:
Station Type: Default is ACM Verify station, which is used on connected devices. A
device that uses this station type of station is called an ACM Verify Station.
Managed: If selected, ACM Verify Station requires the user to grant or deny access
to the person entering a valid PIN code. It also displays the name and picture of the
user for verification.
UnManaged: If selected, ACM Verify Station automatically grants or denies access
and does not provide additional information when a PIN code is entered.
Geographic Timezone: The time zone where the ACM Verify device is located if it is
different from the time zone of the ACM appliance.
Into Area: The area that the badge holder enters by passing through the door and
where the ACM Verify Station is used, or not, to monitor access to the area. You must
specify an area if you want the virtual station to list all the people who have entered
the area.
Station Authentication: The method of authentication on the ACM Verify device.
Login specifies that the user log in to the ACM software using the ACM URL from the
browser on the ACM Verify device. Paired specifies that the ACM Verify is paired to
the ACM system. If the authentication type is Paired, the Door Add page refreshes
and displays the Add Paired Device button.
Note: In many cases readers in offline mode require a very simple solution
for entry or exit because of the memory limitations. The recommended
Offline Door Mode option is Locked No Access.
Custom Mode: Another entry mode that is supported by the door module in addition
to Door Mode and Offline Door Mode options.
Custom Schedule: When the Custom Mode becomes active. Never Active is OFF. 24
Hours Activeis ON.
Masked Forced Schedule: A predefined time when Door Forced Open alarms from
the door will be masked.
Masked Held Schedule: A predefined time when Door Held Open alarms from the
door will be masked.
Always Mask Forced: If selected, Door Forced Open alarms at the door are always
masked.
Always Mask Held: If selected, Door Held Open alarms at the door are always
masked.
Log Grants Right Away: Initiates local I/O in the panel using the panel triggers. The
system logs an extra event as soon as a grant occurs (that is, before entry / no entry
is determined). This event is not turned into an Access Control Manager event.
Certain customers may have a trigger they want to fire (to execute a macro) as soon
as there is a grant but before entry / no entry is determined.
Log All Access as Used: Logs all access grant transactions as if the person used the
door. If this field is not selected, the door determines if it was opened and
distinguishes if the door was used or not used for grant.
Detailed Events: Displays the current position of the door position switch (DPOS) in
the Door State column of the door listing screen. When enabled the column displays
“Open” when the DPOS is in an open state and “Closed” when the DPOS is in a
closed state.
Note: To properly report the Door State from the Door Position Switch,
Detailed Events must be enabled.
Typically, five to ten detailed transactions are generated for each grant transactions.
During the normal course of operation, most guards don't need to see extensive
reports on events; however, after hours, it is often useful to see every detail.
Do Not Log Rex Transactions: Indicates that request-to-exit transactions do not get
logged to the database.
Note: This is the only attribute supported for offline Wi-Fi locks.
Note: This field must not be checked for the SimonsVoss wireless lock, such
as cylinders, on a door that does not support a door position switch (DPOS).
Require Two Card Control: Two tokens are required to open this door. This enforces
the two-person rule at a specified door.
Door Forced Filter: : Filters door-forced alarms. Sometimes a door is either slow to
close or is slammed shut and bounces open for a few seconds. With this filter, the
monitor allows three seconds for a door to close before issuing an alarm.
Log All Access as Used: Logs all access grant transactions as if the person used the
door. If this field is not selected, the door determines if it was opened and
distinguishes if the door was used or not used for grant.
Detailed Events: Displays the current position of the door position switch (DPOS) in
the Door State column of the door listing screen. When enabled the column displays
“Open” when the DPOS is in an open state and “Closed” when the DPOS is in a
closed state.
Note: To properly report the Door State from the Door Position Switch,
Detailed Events must be enabled.
Typically, five to ten detailed transactions are generated for each grant transactions.
During the normal course of operation, most guards don't need to see extensive
reports on events; however, after hours, it is often useful to see every detail.
Enable Cipher Mode: Enables the operator to enter card number digits at the door’s
keypad.
Use Shunt Relay:Enables the use of a shunt relay for this door.
Do Not Log Rex Transactions: Indicates that request-to-exit transactions do not get
logged to the database.
5. Click to add the door. Once saved the page becomes the Door: Edit page. If a door template was
used, the fields on the Parameters and Operations tabs are entered.
6. To edit door configuration, see Editing Doors on page 211. To edit lock configuration, see
Step 3: Configuring IP Wireless Devices on page 284.
l Parameters: Edit access type, processing attributes, lock functions, and other options.
l Operations: Displays for HID VertX, Mercury Security, Schlage wired and RSI wireless locks,
and ASSA ABLOY IP locks only. Edit simple macros, accepted card formats and other options.
l Hardware: Displays for HID VertX, Mercury Security, and Schlage wired and RSI wireless locks
only. Edit reader, door position, strike and request to exit (REX).
l Elev: Displays for Mercury Security only. View elevator door details.
l Cameras: Add or remove associated cameras.
l Interlocks: Displays for Mercury Security only. Sets interlocks.
l Events: View and edit door events.
l Access: Does not display for RU and RM exit devices. View access groups, roles and identities
that have door access.
l Transactions: View door transactions.
After you save a new door for the first time, the screen refreshes and displays the initial Parameters page for
the door.
Feature Description
Name The name of the door.
Alt Name The alternative name of the door.
Location The location of the door.
Appliance The appliance the door is connected to.
Vendor The name of the door manufacturer.
Installed Enables communication between the ACM appliance and installed device after saving.
Partitions Displayed for a partitioned ACM appliance only. To restrict operator access to the item,
select one or more partitions. To allow all operators access to the item, do not select a
partition.
Panel Specify the panel the door is assigned to.
After you make your selection, new options may be displayed to define how the door is
connected to the panel.
Subpanel Specify the subpanel that is connected to the door.
This option is only displayed if there is a subpanel connected to the specified panel.
Lock Number Specifies a configured group of readers, inputs, and outputs that are connected from the
subpanel to the door. Select the lock number from the drop-down list.
Access Type Select the Access Type for the door.
Tip: If the access type is a paired door (paired primary or paired replica), the Door
Add page re-displays with the additional field, Paired Door. Select the Paired Door
option from the drop down list.
Door Mode Select the entry mode for the door when the door controller is online and communicating
with the panel.
Offline Door Select the entry mode used for the door if the door controller is no longer communicating
Mode with the panel.
Note: In many cases readers in offline mode require a very simple solution for entry
or exit because of the memory limitations. The recommended Offline Door Mode
option is Locked No Access.
These options should only be used when the Detailed events option is enabled.
Deny Duress If a user indicates duress at a door, checking this box denies access.
Don't Pulse Check this box to disable the pulse of the door strike when request-to-exit button is
Door Strike activated.
on REX
Detailed Check this box to generate detailed events of all hardware at the door including door
Events position masking, timer expiration and output status.
This feature is useful for circumstances where it is important to know all the details of an
event.
Enable Cipher Check this box to enable cipher mode.
Mode
Cipher mode allows the operator to enter card number digits at the door’s keypad.
Do Not Log Check this box to disable logging of request-to-exit transactions.
Rex
Transactions
Click this button to save your changes.
After you save a new door for the first time, the screen refreshes and displays the initial Parameters page for
the door.
Note: Fields in this list are dependent on the door or device. Some commands or fields are not
supported for all doors or devices.
Feature Description
Name The name of the door.
Alt Name The alternative name of the door.
Location The location of the door.
Appliance The appliance the door is connected to.
Vendor The name of the door manufacturer.
Installed Enables communication between the ACM appliance and installed device after saving.
Partitions Displayed for a partitioned ACM appliance only. To restrict operator access to the item,
select one or more partitions. To allow all operators access to the item, do not select a
partition.
Panel Specifies the panel the door is assigned to.
After you make your selection, new options may be displayed to define how the door is
connected to the panel.
Subpanel Specifies the subpanel that is connected to the door.
This option is only displayed if there is a subpanel connected to the selected main panel.
Door Number A configured group of readers, inputs, and outputs that are connected from the subpanel to
the door.
For wired connections, the door number from the drop-down list.
Tip: If the access type is a paired door (paired primary or paired replica), the Door
Add page re-displays with the additional field, Paired Door. Select the Paired Door
option from the drop down list.
Door mode The entry mode for the door when the door controller is online and communicating with the
panel.
Note: In many cases readers in offline mode require a very simple solution for entry
or exit because of the memory limitations. The recommended Offline Door Mode
option is Locked No Access.
Select the Offline Mode option from the drop down list.
Lock Select how the interior lock button will function.
Function
l Privacy — When you press the interior lock button, the door will lock and the exterior
lock will not grant access to any token. To unlock, you must press the interior lock
button again or exit the room.
l Apartment — When you press the interior lock button, the door will lock but any valid
token will open the door. The door must be manually locked or it will stay unlocked.
l Classroom — Classroom/Storeroom. The lockset is normally secure. The inside lever
always allows free egress. Valid toggle credentials (i.e. a valid card that is swiped
twice within five seconds) on the exterior may be used to change to a passage or
secured status. Not to be used on mortise deadbolt. Interior push button not to be
used.
l Office — The lockset is normally secure. The inside lever always allows free egress.
An interior push-button on the inside housing may be used to select a passage or
secured status. Meets the need for lockdown function for safety and security. Valid
toggle credentials (i.e. a valid card that is swiped twice within five seconds) on the
exterior may also be used to change status. Not to be used on mortise deadbolt.
There is a Restore door action available on the Hardware Status page or Door Listing page
which resets the door's configuration values to their default value. If the door is in any mode
(Classroom, Office, Privacy, or Apartment) it will be 'restored' to the opposite status (e.g. if
the door is in Privacy mode then it is locked - if the Restore option is selected then the door
will return to its default mode, which is the mode set in the base configuration for the door).
Certain customers may have a trigger they want to fire (to execute a macro) as soon as there
is a grant but before entry / no entry is determined.
Deny duress Check this box to deny access to a user that indicates duress at a door.
Don't pulse Check this box to disable the pulse of the door strike output when the request-to-exit button
door strike on is pressed and can be used for a 'quiet' exit.
REX
If this box is not checked, the output is pulsed.
For SimonsVoss wireless lock doors that do not support a door position switch (DPOS) , this
box must not be checked.
Require two Check this box to specify that two tokens are required to open this door. This enforces two-
card control person rule at a specified door.
Door Forced Check this box to enable the filter feature for door forced alarms.
Filter
There are instances when a door is either slow to close or is slammed shut and bounces
open for a few seconds. With this filter, the monitor allows three seconds for a door to close
before issuing an alarm.
Log all access Check this box to log all access grant transactions as if the person used the door. If this box
as used is not checked, the door determines if it was opened and will distinguish if the door was
used or not used for grant.
Note: To properly report the Door State from the Door Position Switch, Detailed
Events must be enabled.
Typically, five to ten detailed transactions will be generated for each grant transactions.
During the normal course of operation, most guards don't need to see extensive reports on
events; however, after hours, it is often useful to see every detail.
Enable cipher Check this box to enable cipher mode.
mode
Cipher mode allows the operator to enter card number digits at the door’s keypad.
Use Shunt Check this box to enable the use of a shunt relay for this door.
Relay
Do Not Log Check this box to indicate that return-to-exit transactions do not get logged to the database.
Rex
Transactions
Click this button to save your changes.
For definitions of the relevant fields and pages for each door type, refer to the page specific to your door
vendor.
l Door: Edit page (VertX® ) below
l Door: Edit page (Mercury Security) on page 252
When you select a VertX® door, the configurable options are arranged in tabs on the Door: Edit page.
Define the door connections, door mode, schedule and processing attributes on the Parameters tab on the
Door Edit page.
After you make your selection, new options may be displayed to define how the door is
connected to the panel.
Subpanel The subpanel that is connected to the door.
This option is only displayed if there is a subpanel connected to the specified panel.
Lock Number A configured group of readers, inputs, and outputs that are connected from the subpanel to
the door. Select the lock number from the drop-down list.
Access Type The Access Type for the door.
Tip: If the access type is a paired door (paired primary or paired replica), the Door
Add page re-displays with the additional field, Paired Door. Select the Paired Door
option from the drop down list.
Door Mode The entry mode for the door when the door controller is online and communicating with the
panel.
Offline Door The entry mode used for the door if the door controller is no longer communicating with the
Mode panel. The Offline Door Mode is no longer supported if the door controller is connected to
an LP4502 panel that has replaced an HID VertX panel.
Note: In many cases readers in offline mode require a very simple solution for entry
or exit because of the memory limitations. The recommended Offline Door Mode
option is Locked No Access.
Custom Any additional door mode the door must support outside the Door Mode and Offline Mode
Mode options.
Custom When the Custom Mode would be active.
Schedule
Select a schedule from the drop down list. Only schedules that have been defined in the
system are listed.
Mask Forced When Door Forced Open alarms from this door will be masked.
Schedule
Select a schedule from the drop down list. Only schedules that have been defined in the
system are listed.
These options should only be used when the Detailed events option is enabled.
Deny Duress If a user indicates duress at a door, checking this box denies access.
Don't Pulse Check this box to disable the pulse of the door strike when request-to-exit button is
Door Strike activated.
on REX
Detailed Check this box to generate detailed events of all hardware at the door including door
Events position masking, timer expiration and output status.
This feature is useful for circumstances where it is important to know all the details of an
event.
Enable Check this box to enable cipher mode.
Cipher Mode
Cipher mode allows the operator to enter card number digits at the door’s keypad.
Do Not Log Check this box to disable logging of request-to-exit transactions.
Rex
Transactions
Click this button to save your changes.
Create New Click this button to generate a PDF report on this door.
Report
Add Door Click this button to add a new door.
Transaction Click this button to generate a PDF transaction report on this door.
Report
Show Policy Click this button to generate a PDF report on the current door policy.
Click this button to delete this door.
Click OK in the dialog box that displays to confirm the deletion. The door will be deleted and
you will be returned to the Doors list.
Edit door operations, including the door mode, door held pre-alarms, anti-passback and strike modes.
This option is only displayed if there is a subpanel connected to the selected main panel.
Lock The number ID for the set of inputs/outputs that are connected from the subpanel to the door.
Number
This option is only displayed if there are inputs or outputs connected to the selected
subpanel.
APB Mode The anti-passback mode for the door.
Select the area from the drop down list. Only those areas currently defined for this system
appear in this list.
Out of area The area the user moves into when exiting the door.
Click Remove Macro to delete a macro. This button only appears if the macro has been saved
in the system.
Create New Click this button to generate a PDF report on this door.
Report
Add Door Click this button to add a new door to the system.
When you click the Hardware tab at the Door Edit screen, the HID Hardware page is displayed. This page
allows you to connect and edit readers, inputs and outputs to the door.
Feature Description
Name The name of the door.
Alt Name The alternative name of the door.
Location The location of the door.
Appliance The appliance the door is connected to.
Vendor The name of the door manufacturer.
Installed Enables communication between the ACM appliance and installed device after saving.
Partitions Displayed for a partitioned ACM appliance only. To restrict operator access to the item, select
one or more partitions. To allow all operators access to the item, do not select a partition.
Panel Specifies the panel the door is assigned to.
Subpanel Specifies the subpanel that is connected to the door.
This option is only displayed if there is a subpanel connected to the selected main panel.
Lock The number ID for the set of inputs/outputs that are connected from the subpanel to the door.
Number
This option is only displayed if there are inputs or outputs connected to the selected
subpanel.
To edit one of the readers, inputs or outputs that are connected to the door, click beside
the hardware item:
l
If you click beside the Reader or Alternate Reader, the Reader Edit page is
displayed.
l
If you click beside the Door Position, REX #1 or Rex#2, the Input Edit page is
displayed.
l
If you click beside Strike, the Output Edit page is displayed.
Click this button to save your changes.
Create New Click this button to generate a PDF report on this door.
Report
Add New Click this button to add a new door to the system.
Door
Feature Description
Name Enter the name of this reader.
Alt. name Enter an alternative name for this reader.
Location Enter a brief description of the location of this reader.
Keypad From the drop down option list, select the keypad decode or enryption method you want to use
decode for this reader. Choose from these options:
l Hughes ID 4-bit
l Indala
l MR20 8-bit no tamper
Wiegand Check this box to indicate that this reader supports the Wiegand standard.
NCI Check this box to indicate that this reader supports the NCI magstripe standard.
magstripe
Partitions Displayed for a partitioned ACM appliance only. To restrict operator access to the item, select
one or more partitions. To allow all operators access to the item, do not select a partition.
Click this button to save your changes.
Feature Description
Input The name of the input point.
Installed Enables communication between the ACM appliance and installed device after saving.
Address The read-only address of this point.
Supervision If resistors are used to monitor the input, select the level of resistance expected to indicate
open or closed.
Only the cameras that have been added to the system are listed.
Partitions Displayed for a partitioned ACM appliance only. To restrict operator access to the item, select
one or more partitions. To allow all operators access to the item, do not select a partition.
Click this button to save your changes.
Show Policy Click this button to display the policies associated with this input module.
Note: VertX® output panels do not have an operating mode option because they are automatically
energized when active. You can set the panels to be "not energized when active" if wired in reverse.
Feature Description
Output The name of this output point.
Installed Enables communication between the ACM appliance and installed device after saving.
Address The read-only address for this output point.
Partitions Displayed for a partitioned ACM appliance only. To restrict operator access to the item, select
one or more partitions. To allow all operators access to the item, do not select a partition.
Click this button to save your changes.
Show Click this button to display the policies associated with this output module.
Policy
1Due to mechanical properties of a switch, when a switch is closed, there is a period of time in which the
electrical connection "bounces" between open and closed. To a microcontroller, this "bouncing" can be
interpreted as multiple button pushes. To suppress the "bouncing", the controller software is designed to
anticipate it. This is known as "debouncing a switch".
When you click the Cameras tab on the Door Edit screen, the HID Camera page is displayed. From this page,
you can assign specific cameras to record video of the selected door.
Feature Description
Name The name of the door.
Alt Name The alternative name of the door.
Location The location of the door.
Appliance The appliance the door is connected to.
Vendor The name of the door manufacturer.
Installed Enables communication between the ACM appliance and installed device after
saving.
Partitions Displayed for a partitioned ACM appliance only. To restrict operator access to
the item, select one or more partitions. To allow all operators access to the item,
do not select a partition.
Panel Specifies the panel the door is assigned to.
After you make your selection, new options may be displayed to define how the
door is connected to the panel.
This option is only displayed if there are inputs or outputs connected to the
selected subpanel.
Door The number that has been assigned to the door module by the wireless lock
Number configuration device.
Camera Select the external system that is connected to the camera.
Type
The Available window is populated with those cameras that fit this definition.
Click the Camera button beside this field to view live video from the camera. For
more information on the video viewer window, see Configuring and Viewing
Live Video Stream on page 267.
Available This window displays a list of cameras that have been configured in the system.
To connect a camera to the door, select the camera from the Available list, then
click to move it to the Members list.
To disconnect a camera from the door, select the camera from the Members list,
then click to move it to the Available list.
Search If you have more than 10 cameras, the Search feature may be displayed to help
you find the cameras you need.
In the Search field, enter the name of the camera you want to find, then click
Filter. You can narrow your search by selecting the Case-sensitive option. Click
Clear to restore the full list of available cameras.
Click this button to save your changes.
Events tab
This page lists all the local and global events that can be triggered by this door. The Local Events table is only
listed when there are local events configured for the door.
Local Events
This table is only displayed if there are local events for the device.
Name The name of this event.
Global Events
This table displays all the global events that are related to this type of device.
Name The name of this event.
Event The event type.
Source Type the source of this event.
Has On/Off If the event toggles on or off.
Only events types that have been defined in the system appear in the drop down list.
Source Type The device that is the source of the event.
Priority Specify the priority of this event.
The Alarm Monitor displays alarms according to their priority. Priority 1 is the highest priority
and is always displayed at the top.
Alarm Select an alarm sound that is played when a new alarm occurs while you are monitoring the
Sound Alarms page.
Suppress Select a schedule when alarm events are not reported.
Time
Only schedules that have been defined in the system are listed.
Instructions Enter any instructions that may be required for handling this event.
The instructions are made available to the user on the Monitor screen.
Return Select the event type of the RTN event.
Event
Return Specify the priority of the RTN event.
Priority
The priority range is 1 - 999.
Has on/off Indicates that this event has an RTN event associated with it.
Note: Adding return event information manually on this screen does not change the
setting of this checkbox. It is set only if the original event has an associated
RTN event defined for it.
Masked Check this box to indicate that this a masked event by default. This can be changed on the
Event List page.
Logged Check this box to log the event by default. This can be changed on the Event List page.
Note that if Event Type logging is turned on, then all Events of that Event Type are logged,
regardless of their individual logging configuration. If Event Type logging is turned off, then
the logging configuration of the specific Events of that Event type are adhered to.
Show Video Check this box to auto-launch video from the linked camera feed when the event occurs by
default. This can be changed on the Event List page.
If the same operator attempts to clear the alarm, then nothing will happen.
Email Enter the email address of all the people who should be notified when this event occurs.
You can enter more than one email address separated by a comma.
Roles:
Available A list of all the roles that are available to you in the system.
To allow specific role to have access to view or edit this event, select a role from the Available
list then click to add the role to the Member list.
To move one or more roles to the Members window, click to select one role then Ctrl + click
to select a non-consecutive group of roles, or Shift + click to select a consecutive roles.
Members A list of all the roles that are able to view or edit this event.
If this event is associated with at least one role, then any user who does not have the selected
roles will not be able to view or edit the event.
Click this button to save your changes.
When you click the Access tab on the Door: Edit screen, the Access page is displayed. This page provides a
list of the access groups, roles and identities that have permission to edit or use this door.
Feature Description
Access The name of this access group. Click this link to edit the access group.
Group
Roles Lists the roles this access group is a member of.
Click the + or - symbol beside each role to show or hide the identities that are in the access
group through the role.
Identities Lists the users who are members of the access group.
When you click the Transactions tab on the Door: Edit screen, the HID Transaction page is displayed.
This page allows you to review events and alarms that have occurred at this door. The table displays the
following information about each event:
When you select a Mercury Security door, the configurable options are arranged in tabs on the Door: Edit
page.
When you click the Parameters tab on the Door Edit screen, the Parameters page is displayed. This page
allows you to define the door connections, door mode, schedule and processing attributes.
Note: Fields in this list are dependent on the door or device. Some commands or fields are not
supported for all doors or devices.
Feature Description
Name The name of the door.
After you make your selection, new options may be displayed to define how the door is
connected to the panel.
Subpanel Specifies the subpanel that is connected to the door.
This option is only displayed if there is a subpanel connected to the selected main panel.
Use Single for a door with one reader on one side of the door only (single reader door). Use
Paired Primary and Paired Replica for a door with two readers, one on each side of the door
(paired reader door). Paired readers allow each side of a single physical door to act like a
separate door. This is particularly useful for anti-passback and mustering.
If you set the access type to either Paired Primary or Paired Replica, when you add a door
using this template, the Door Add page displays with the additional field, Linked Door. Use
this field to select the door with the reader on the other side. The linking between the doors
has to be done separately from adding the door.
The Access Type can also be configured in the Wiring Template. When configured in both
the Wiring Template, and the associated Door Template, the setting in the Wiring Template
takes precedence. It is recommended that you use the Wiring Template to efficiently create
linked paired doors.
Door Mode The entry mode for the door when the door controller is online and communicating with the
panel.
Note: In many cases readers in offline mode require a very simple solution for entry
or exit because of the memory limitations. The recommended Offline Door Mode
option is Locked No Access.
Select the Offline Mode option from the drop down list.
There is a Restore door action available on the Hardware Status page or Door Listing page
which resets the door's configuration values to their default value. If the door is in any mode
(Classroom, Office, Privacy, or Apartment) it will be 'restored' to the opposite status (e.g. if
the door is in Privacy mode then it is locked - if the Restore option is selected then the door
will return to its default mode, which is the mode set in the base configuration for the door).
Custom Select any additional door mode the door must support outside the Door Mode and Offline
Mode Mode options.
Custom Define when the Custom Mode would be active.
Schedule
Select a schedule from the drop down list. Only schedules that have been defined in the
system are listed.
Mask Forced Define when Door Forced Open alarms from this door will be masked.
Schedule
Select a schedule from the drop down list. Only schedules that have been defined in the
system are listed.
Mask Held Define when Door Held Open alarms from this door will be masked.
Schedule
Select a schedule from the drop down list. Only schedules that have been defined in the
system are listed.
Always Mask Check this box to specify that Door Forced Open alarms at this door are always masked.
Forced
Normally, this box is unchecked.
Always Mask Check this box to specify that Door Held Open alarms at this door are always masked.
Held
Normally, this box is unchecked.
Door Processing Attributes
Certain customers may have a trigger they want to fire (to execute a macro) as soon as there
is a grant but before entry / no entry is determined.
Deny Duress Check this box to deny access to a user that indicates duress at a door.
Don't Pulse Check this box to disable the pulse of the door strike output when the request-to-exit button
Door Strike is pressed and can be used for a 'quiet' exit.
on REX
If this box is not checked, the output is pulsed.
Require Two Check this box to specify that two tokens are required to open this door. This enforces two-
Card Control person rule at a specified door.
Door Forced Check this box to enable the filter feature for door forced alarms.
Filter
There are instances when a door is either slow to close or is slammed shut and bounces
open for a few seconds. With this filter, the monitor allows three seconds for a door to close
before issuing an alarm.
Log All Check this box to log all access grant transactions as if the person used the door. If this box
Access as is not checked, the door determines if it was opened and will distinguish if the door was
Used
used or not used for grant.
Detailed Check this box to display the current position of the door position switch (DPOS) in the Door
Events State column of the door listing screen. When enabled the column will display “Open” when
the DPOS is in an open state and “Closed” when the DPOS is in a closed state.
Note: To properly report the Door State from the Door Position Switch, Detailed
Events must be enabled.
Typically, five to ten detailed transactions will be generated for each grant transactions.
During the normal course of operation, most guards don't need to see extensive reports on
events; however, after hours, it is often useful to see every detail.
Enable Check this box to enable cipher mode.
Cipher Mode
Cipher mode allows the operator to enter card number digits at the door’s keypad.
Use Shunt Check this box to enable the use of a shunt relay for this door.
Relay
Do Not Log Check this box to indicate that return-to-exit transactions do not get logged to the database.
Rex
Transactions
Click this button to save your changes.
Create New Click this button to generate a PDF report on this door.
Report
Add New Click this button to add a new door.
Door
Transaction Click this button to generate a PDF transaction report on this door.
Report
Show Policy Click this button to generate a PDF report on the current door policy.
Click this button to delete this door.
Click OK in the dialog box that displays to confirm the deletion. The door will be deleted and
you will be returned to the Doors list.
Edit door operations, including the door mode, door held pre-alarms, anti-passback and strike modes.
Note: Fields in this list are dependent on the door or device. Some commands or fields are not
supported for all doors or devices.
After you make your selection, new options may be displayed to define how the door is
connected to the panel.
Subpanel The subpanel that is connected to the door.
This option is only displayed if there is a subpanel connected to the selected main panel.
Lock The number ID for the set of inputs/outputs that are connected from the subpanel to the door.
Number
This option is only displayed if there are inputs or outputs connected to the selected
subpanel.
Door The number that has been assigned to the door module by the wireless lock configuration
Number device.
Only the areas that have been previously configured in the system appear in this list.
Out of area The area that the user exits by passing through the door.
Only the areas that have been previously configured in the system appear in this list.
PIN Timeout The number of seconds that a user is allowed to enter multiple PIN attempts before
generating “Deny Count Exceeded” event.
Note: If the PIN Timeout is set to 10 seconds and then the PIN Attempts is set to two,
this tells the system, if there are two bad PIN attempts within 10 seconds then
generate a Deny Count Exceeded event.
PIN The number of times a user can attempt to enter a PIN within the allotted PIN Timeout time
Attempts frame before an “Deny Count Exceeded” event is generated.
Strike Mode The strike mode.
l Cut short when open — the strike is deactivated when the door opens.
l Full strike time — the strike is deactivated when the strike timer expires.
l Turn off on close — the strike is deactivated when the door closes.
LED Mode The LED mode to specify how the reader LEDs are displayed.
For more information on LED modes, see LED Modes for Mercury Security on page 322.
Held Pre- The number of seconds a door can be held open before a pre-alarm is issued.
Alarm
Instead of generating an alarm, it sends a warning signal to the Access Control Manager host.
Access time The number of seconds the door remains unlocked after a card has been swiped.
when open
Standard The number of seconds the door remains unlocked after access has been granted.
Access time
If the door is not opened within this time, it will automatically lock.
Held Open The number of seconds the door can be held open before a Door Held Open event is
Time generated. See also the Held Pre-Alarm and Extended Held Open Time fields.
Extended The number of seconds the door remains unlocked after access has been granted to token
Access holders with extended access permissions.
This feature is useful for users that may require more time to enter a door.
All of the doors on a panel (and its subpanels) can collectively use at most 16 distinct card
formats, from the up to 128 card formats defined for the entire system.
When the door is created, the initial selection of card formats depends on:
l If there are 16 or less card formats defined in the system, all card formats are in the
Members column.
l If there are 17 or more card formats in the system, and:
o No card formats are selected for the panel assigned to the door, then the
Members column is empty. You must select the card formats accepted at the
door.
o Some door formats are selected for the panel assigned to the door, then those
formats are listed in the Members column. You can add more up to a total of 16.
l If the door is created using a door template, and the template specifies:
o No Change: The Members column is populated as described above.
o Blank: Any selection from the panel is ignored and the Members column is
empty. You must select the card formats accepted at the door.
o Assign: The contents of the Members column from the panel are replaced by
the contents of the Members column from the door template.
o Add: Card formats not in the Members column from the panel that are in the
Members column of the door template are added, up to a maximum of 16. If
there are more than 16, you will have to manually adjust the list.
o Remove: Any card formats in the Members column from the panel that are in
Members column of the door template are removed.
Simple Macros
Type Select a default macro that is triggered when the following conditions are met for this door.
Currently available macros include:
l Forced
l Held
l Pre-Alarm
Schedule Define when this macro can be triggered.
Select a schedule from the drop down list. Only schedules that have been defined in the
system are listed.
Op Type Select an operation type used by this macro.
Click Remove Macro to delete a macro. This button only appears if the macro has been saved
in the system.
Create New Report Click this button to generate a PDF report on this door.
Add Door Click this button to add a new door.
Transaction Report Click this button to generate a PDF transaction report on this door.
Show Policy Click this button to generate a PDF report on the current door policy.
When you click the Hardware tab at the Door Edit screen, the Mercury Hardware page is displayed. This
page allows you to connect and edit readers, inputs and outputs to the door.
Note: Fields in this list are dependent on the door or device. Some commands or fields are not
supported for all doors or devices.
Feature Description
Name The name of the door.
Alt Name The alternative name of the door.
Location The location of the door.
Appliance The appliance the door is connected to.
Vendor The name of the door manufacturer.
Installed Enables communication between the ACM appliance and installed device after saving.
Partitions Displayed for a partitioned ACM appliance only. To restrict operator access to the item, select
one or more partitions. To allow all operators access to the item, do not select a partition.
Panel Specifies the panel the door is assigned to.
After you make your selection, new options may be displayed to define how the door is
connected to the panel.
This option is only displayed if there is a subpanel connected to the selected main panel.
Lock The number programmed for the lock. For all locks except SimonsVoss, this is a decimal
Number number. For SimonsVoss wireless locks, this is a hexadecimal number.
or
Door
Number
Unassign All Click this button to reset all of the values below and start over.
To edit one of the readers, inputs or outputs that are connected to the door, click beside
the hardware item:
l
If you click beside the Reader or Alternate Reader, the Reader Edit page is
displayed.
l
If you click beside the Door Position, REX #1 or Rex#2, the Input Edit page is
displayed.
l
If you click beside Strike, the Output Edit page is displayed.
Elevators
The following options are only listed if the door is an elevator.
Offline This identifies the floor that this door reader defaults to if communication between the
Access panel/subpanel and the door's reader goes offline. The door will automatically provide access
to one or more designated floors or doors, with or without card/code entry, if this condition
occurs.
Select the elevator access level from the drop down list.
Only the elevator levels that have been defined in the system are listed.
Facility This identifies the elevator access level that this elevator defaults to if facility code mode is in
Access effect.
Select the elevator access level you require from the drop down list.
Only the elevator levels that have been defined in the system are listed.
Custom This identifies the elevator access level that this elevator defaults to when custom code mode
Access is in effect.
Select the elevator access level you require from the drop down list.
Only the elevator levels that have been defined in the system are listed.
Elevator Select the output this elevator uses.
Outputs
Elevator Select the input this elevator uses.
Inputs
Click this button to save your changes.
Create New Click this button to generate a PDF report on this door.
Report
Add Door Click this button to add a new door.
Transaction Click this button to generate a PDF transaction report on this door.
Report
Show Policy Click this button to generate a PDF report on the current door policy.
Feature Description
Name Enter the name of this reader.
Alt.name Enter an alternative name for this reader.
Location Enter a brief description of the location of this reader.
Reader Type Select the communication protocol used by the reader. The options include:
l OSDP
OSDP is recommended for readers, controllers and subpanels communications.
OSDP offers support for bi-directional communication, Secure Channel Protocol
(SCP) to encrypt the traffic, and provides additional status values for readers,
improved LED controls, and simpler wiring.
l F/2F.
l D1/D0 (Wiegand )
l CLK+Data (Mag) ( NCI magnetic stripe standard)
l Custom (Default)
Note: Custom enables all options for all reader types. Readers configured
with versions of the ACM software earlier than Release 5.10.4 are assigned
this reader type when the software is upgraded to ensure that the previous
settings are retained.
The following options depend on the selected Reader Type and include:
CAUTION — Do not enable SCP on readers that support OSDPv1, such as the ViRDI
biometric reader, as this will make the reader inoperable. Secure channel is only
supported in by OSDPv2.
Note: Mercury controllers may auto-detect the OSDP baud rate. For more
information, refer to Mercury documentation.
Note: Mercury controllers will first try the setting provided and if that does not
work, the controller will use default settings.
OSDP Tracing Displayed for OSDP readers only. If the box is checked, OSDP address tracing will be
logged in the mercury.txt appliance log for troubleshooting.
NCI magstripe Check this box to indicate that this reader supports the NCI standard for magnetic stripes.
Supervised Check this box to indicate that this reader is supervised (outfitted with detection devices)
Partitions Displayed for a partitioned ACM appliance only. To restrict operator access to the item,
select one or more partitions. To allow all operators access to the item, do not select a
partition.
Click this button to save your changes.
Feature Description
Input The name of the input point.
Installed Enables communication between the ACM appliance and installed device after saving.
Address The read-only address of this point.
EOL Select the End of Line resistance of this input.
resistance
Only the EOL resistance that have been defined in the system are listed.
For example, if the input point goes into alarm, then restores, it will hold it in that alarm state for
1 to 15 seconds after it returns to normal before reporting the normal state.
Cameras Select the camera from the window that this input activates if it goes into alarm.
Only those cameras previously defined for this system appear in this window.
Partitions Displayed for a partitioned ACM appliance only. To restrict operator access to the item, select
one or more partitions. To allow all operators access to the item, do not select a partition.
Click this button to save your changes.
Show Click this button to display the policies associated with this input module.
Policy
Feature Description
Output Enter a name for this output.
Installed Enables communication between the ACM appliance and installed device after saving.
Address The read-only address for this output point.
Operating Select how the panel knows when the output point is active.
Mode
l Energized When Active – a current is expected to pass through the output point when it
is active.
l Not Energized When Active – a current expected to pass through the output point
when it is inactive.
Partitions Displayed for a partitioned ACM appliance only. To restrict operator access to the item, select
one or more partitions. To allow all operators access to the item, do not select a partition.
Click this button to save your changes.
1Due to mechanical properties of a switch, when a switch is closed, there is a period of time in which the
electrical connection "bounces" between open and closed. To a microcontroller, this "bouncing" can be
interpreted as multiple button pushes. To suppress the "bouncing", the controller software is designed to
anticipate it. This is known as "debouncing a switch".
Show Click this button to display the policies associated with this output point.
Policy
When you click the Elev tab at the Door Edit screen, the Mercury Security Elev table displayed. This page
allows you to view elevator door details.
Feature Description
Name Name of the elevator door. If you click on the name it links back to the Parameters tab for the
door.
Inputs List of inputs for the related elevator input module.
Outputs List of outputs for the related elevator output module.
When you click the Cameras tab on the Door: Edit screen, the Camera page is displayed. From this page, you
can assign specific cameras to record video of the selected door.
Note: Fields in this list are dependent on the door or device. Some commands or fields are not
supported for all doors or devices.
Feature Description
Name The name of the door.
Alt Name The alternative name of the door.
Location The location of the door.
Appliance The appliance the door is connected to.
Vendor The name of the door manufacturer.
Installed Enables communication between the ACM appliance and installed device after
saving.
Partitions Displayed for a partitioned ACM appliance only. To restrict operator access to
the item, select one or more partitions. To allow all operators access to the item,
do not select a partition.
Panel Specifies the panel the door is assigned to.
After you make your selection, new options may be displayed to define how the
door is connected to the panel.
This option is only displayed if there are inputs or outputs connected to the
selected subpanel.
Door The number that has been assigned to the door module by the wireless lock
Number configuration device.
Camera Select the external system that is connected to the camera.
Type
The Available window is populated with those cameras that fit this definition.
Click the Camera button beside this field to view live video from the camera. For
more information on the video viewer window, see Configuring and Viewing
Live Video Stream on the next page.
Available This window displays a list of cameras that have been configured in the system.
To connect a camera to the door, select the camera from the Available list, then
click to move it to the Members list.
Members The window displays a list of cameras that are currently connected to the door.
To disconnect a camera from the door, select the camera from the Members list,
then click to move it to the Available list.
Search If you have more than 10 cameras, the Search feature may be displayed to help
you find the cameras you need.
In the Search field, enter the name of the camera you want to find, then click
Filter. You can narrow your search by selecting the Case-sensitive option. Click
Clear to restore the full list of available cameras.
Click this button to save your changes.
1 Camera Displays controls for viewing the related camera video, including switching from live to
Controls recorded video, pan-tilt-zoom (PTZ) controls for PTZ cameras and changing the video
Tool Bar
display layout.
2 Camera List Displays all the cameras that are linked to the event. Click the name of a camera to display
the video. Use one of the multi-video layouts to display more than one camera at a time.
3 Image Displays the video stream from the connected cameras. In the top-right corner, you can
Panel minimize and maximize the display or close the video.
Note: The window may look different and have different controls depending on the external camera
system that is connected to the ACM system.
When you click the Interlocks tab on the Door: Edit screen, the Interlocks list is displayed. This page lists all
the Interlocks that have been added to the system.
Feature Description
Name The name of the interlock.
Feature Description
Name Identifies the interlock.
Select the source from the drop down list. Options in this drop down list will vary depending on
the source type specified.
Select the Event Type from the drop down list. The options change to match the selected
source option.
Only those Event Types currently defined by the system appear in this list.
Event Select the event that will trigger the interlock.
Events appearing in this list vary depending on the event and source specified. For more on
this, refer to Event Types - Introduction.
Interlocks with:
Type Select the type of component that triggers this interlock.
Subpanel If applicable, select from the drop down list the subpanel where this interlock is triggered.
Target From the drop down list, select the target that is triggered by this interlock.
Command to run:
Command This identifies the command script to be run.
Only those commands previously defined by the system appear in this list.
Function If applicable, select from the drop down list the function to be run.
Arg Text If the command requires an argument, enter the required argument in this text box.
Feature Description
Name Identifies the interlock.
Select the source from the drop down list. Options in this drop down list will vary depending on
the source type specified.
Event Type Identifies the event type the interlock is associated with.
Select the Event Type from the drop down list. The options change to match the selected
source option.
Only those Event Types currently defined by the system appear in this list.
Event Select the event that will trigger the interlock.
Events appearing in this list vary depending on the event and source specified. For more on
this, refer to Event Types - Introduction.
Interlocks with:
Type Select the type of component that triggers this interlock.
Subpanel If applicable, select from the drop down list the subpanel where this interlock is triggered.
Target From the drop down list, select the target that is triggered by this interlock.
Command to run:
Command This identifies the command script to be run.
Only those commands previously defined by the system appear in this list.
Function If applicable, select from the drop down list the function to be run.
Arg Text If the command requires an argument, enter the required argument in this text box.
Events tab
This page lists all the local and global events that can be triggered by this door. The Local Events table is only
listed when there are local events configured for the door.
Local Events
This table is only displayed if there are local events for the device.
Name The name of this event.
Global Events
This table displays all the global events that are related to this type of device.
Name The name of this event.
Event The event type.
Source Type the source of this event.
Has On/Off If the event toggles on or off.
Feature Description
Name The name of the event, which you can change if the name is not
Return The name used to identify that this event is over, or the return-to-normal (RTN) ) name of this
Name event, such as the door closing and locking after access has been granted, or after the
configured door open time has expired.
Event Type Specify the event type.
Only events types that have been defined in the system appear in the drop down list.
Source Type The device that is the source of the event.
Priority Specify the priority of this event.
The Alarm Monitor displays alarms according to their priority. Priority 1 is the highest priority
and is always displayed at the top.
Alarm Select an alarm sound that is played when a new alarm occurs while you are monitoring the
Sound Alarms page.
Suppress Select a schedule when alarm events are not reported.
Time
Only schedules that have been defined in the system are listed.
Instructions Enter any instructions that may be required for handling this event.
The instructions are made available to the user on the Monitor screen.
Return Select the event type of the RTN event.
Event
Return Specify the priority of the RTN event.
Priority
The priority range is 1 - 999.
Has on/off Indicates that this event has an RTN event associated with it.
Note: Adding return event information manually on this screen does not change the
setting of this checkbox. It is set only if the original event has an associated
RTN event defined for it.
Masked Check this box to indicate that this a masked event by default. This can be changed on the
Event List page.
Note that if Event Type logging is turned on, then all Events of that Event Type are logged,
regardless of their individual logging configuration. If Event Type logging is turned off, then
the logging configuration of the specific Events of that Event type are adhered to.
Show Video Check this box to auto-launch video from the linked camera feed when the event occurs by
default. This can be changed on the Event List page.
If the same operator attempts to clear the alarm, then nothing will happen.
Email Enter the email address of all the people who should be notified when this event occurs.
You can enter more than one email address separated by a comma.
Roles:
Available A list of all the roles that are available to you in the system.
To allow specific role to have access to view or edit this event, select a role from the Available
list then click to add the role to the Member list.
To move one or more roles to the Members window, click to select one role then Ctrl + click
to select a non-consecutive group of roles, or Shift + click to select a consecutive roles.
Members A list of all the roles that are able to view or edit this event.
If this event is associated with at least one role, then any user who does not have the selected
roles will not be able to view or edit the event.
Click this button to save your changes.
When you click the Access tab on the Edit screen, the Access page is displayed. This page provides a list of
the access groups, roles and identities that have permission to edit or use this door.
Feature Description
Access The name of this access group. Click this link to edit the access group.
Group
Roles Lists the roles this access group is a member of.
Click the + or - symbol beside each role to show or hide the identities that are in the access
group through the role.
Identities Lists the users who are members of the access group.
When you click the Transactions tab on the Door: Edit screen, the list of transactions for the door is
displayed.
This page allows you to review events and alarms that have occurred at this door. The table displays the
following information about each event:
Feature Description
Panel Date The date and time when the event occurred.
Priority The priority of the event. The highest priority is 1 and the lowest priority is 999.
Event The name of the event.
Last Name The last name of the person who generated the event.
First Name The first name of the person who generated the event.
Card Number The internal token number assigned to the person who generated the event.
Message This displays any messages that may be associated with the event.
Tip: You can also view events using Monitor > Events. For more information, see
Monitoring Events on page 28.
4. Click the Access tab to view the access groups, roles and identities that have permission to edit or use
the door (not applicable to RU and RM exit devices):
Access Groups The name of the access group. Click the link to edit the access group.
Roles The roles that the access group is a member of. Click the + or - icon next to
each role to show or hide the identities in the access group through the role.
Identities The users who are members of the access group.
Panel Date The date and time when the event occurred.
Priority The priority of the event. The highest priority is 1 and the lowest priority is
999.
Event The name of the event.
Last Name The last name of the person who generated the event.
First Name The first name of the person who generated the event.
Card Number The internal token number assigned to the person who generated the event.
Message Any messages that are associated with the event.
For more information, see Managing Door Access on page 112.
5. Click the Transactions tab to view the events and alarms that have occurred at the door:
Access Groups The name of the access group. Click the link to edit the access group.
Roles The roles that the access group is a member of. Click the + or - icon next to
each role to show or hide the identities in the access group through the role.
Identities The users who are members of the access group.
Panel Date The date and time when the event occurred.
Priority The priority of the event. The highest priority is 1 and the lowest priority is
999.
Event The name of the event.
Last Name The last name of the person who generated the event.
First Name The first name of the person who generated the event.
Card Number The internal token number assigned to the person who generated the event.
Message Any messages that are associated with the event.
For more information, see Configuring Roles on page 87.
ACM system users assigned the ACM Verify Administrator role can add and configure doors as ACM Verify
stations, and administer the virtual stations and paired devices in the ACM system. They can also administer
other doors.
ACM system users assigned the ACM Verify User role can access the ACM Verify functionality on their mobile
devices that let the devices act as virtual stations, and can pair their mobile device to the ACM system.
1. Add a new door from the Doors listing panel, and complete the Name, Alt Name, Location and
Appliance fields.
2. In the Vendor field, select Avigilon. The Station Type field is automatically set as ACM Verify.
3. Configure the station as either Managed or UnManaged,
l A managed station prompts the operator of the virtual station to verify that the person who
enters a PIN code is using a valid PIN code and it also displays a picture and other information
for additional verification.
l An unmanaged station only verifies whether the PIN code the person entered is a valid PIN
code that has access to the virtual station.
4. Set the timezone for the events reported by the virtual station if it needs to be different than the
timezone used by the appliance.
5. Specify an area if you want the virtual station to act as an entrance to the area.
If the virtual station is configured with an area, a valid PIN code entry at the station moves the identity
associated with the PIN code into the area. If it also configured as a managed virtual station, the user
can then view a list of the identities with photos that are in the area.
6. Configure Station Authorization as Paired or Login
l A paired station is secured by pairing a specific device to the server so that only an
ACM software user in possession of the paired device and one of the required roles, or their
equivalent delegation set can access the ACM Verify station.
l A login station is secured only by ACM login credentials and so that any ACM system user with
the required roles, or their equivalent delegation set, can access the ACM Verify station from
any device.
9. Click to save the door. The page refreshes and displays the information you entered on
Parameters tab for the door.
When you click the Parameters tab on the Door Edit screen, the Parameters page is displayed. This page
allows you to define the door connections, door mode, schedule and processing attributes.
Feature Description
Name The name of the door.
Alt Name The alternative name of the door.
Location The location of the door.
Appliance The appliance the door is connected to.
Vendor The name of the door manufacturer. Select Avigilon for an ACM Verify Station.
Installed Enables communication between the ACM appliance and installed device after saving.
Station Type Displays ACM Verify as the type of station used on the connected devices. A device
that uses this type of station is called a virtual station.
Managed or Select if you want the ACM Verify Station managed or not.
UnManaged
l A managed station requires the virtual station user to grant or deny access to
the person entering a valid PIN code. It also displays the name and picture of
the user for verification.
l An unmanaged station automatically grants or denies access and does not
provide any additional information when a PIN code is entered.
Geographic Select the time zone where the ACM Verify device is used if it is different from the
Timezone ACM appliance value.
Into Area Select the area where the ACM Verify device is used to monitor access. Select the
Don't Care option if the ACM Verify reader is not used to control access to a specific
area. You must specify an area if you want the virtual station to list all the people who
have entered the area.
Tip: If the authentication type is Paired, the Door Add page re-displays with
the Add Paired Device button.
Available Lists the available ACM Verify devices that have been paired to the ACM system.
Members Lists the paired ACM Verify devices that are assigned to this station.
Click to move a paired device from the Available list to the Members list.
Click to move a paired device from the Members list to the Available list.
Add Paired Device Click to add a new paired device. See Add Paired Device for more information.
Click this button to save your changes.
Paired Devices
Pairing devices to the ACM appliance ensures that access to ACM Verify Stations is restricted to authorized
devices.
Pairing must be completed by both the ACM administrator and the user of the connected device. The device
user must be an authorized ACM user with the ACM Verify User role or equivalent at a minimum. The pairing
persists as long as the cookie used for the pairing exists. See Precautions for Paired ACM Verify Stations on
the next page
CAUTION — In a failover deployment of the ACM system, pair the device to both the main server and the
failover server. When a failover occurs, the ACM operator must restore the pairings for all ACM Verify devices
to the failover server, and repeat the process when the main server is back in service.
1. The ACM operator provides the user with the IP address or hostname of the ACM appliance. Do not
provide both. Use one format for the address of the ACM appliance for all pairings.
The ACM appliance IP address or hostname is visible in the web browser's navigation bar from any
ACM client window.
2. The device user must have the web browser open on their device.
The pairing must be completed within ten minutes of the ACM operator generating the PIN for pairing.
Although the user's device is paired to the ACM appliance, the virtual stations configured for paired
A device can be paired to only one active ACM appliance. If a failover ACM appliance is configured, pair all
ACM Verify devices to both servers. If a fail-over occurs, you must reassign devices to the ACM Verify stations
on the fail-over server while it is active, and reassign them back to the main server after it is returned to
service. Pairing devices in advance will make this task much more efficient.
If a device browser loses the cookie, it cannot access ACM Verify and you must pair the device again. Before
the device can be paired again, the previous pairing must be deleted from the ACM appliance.
Pairing a Device
A device needs to be paired to the ACM appliance to access the ACM Verify function. A device can be paired
to the ACM appliance at any time, or when adding a door as an ACM Verify Station.
To pair a device:
1. The ACM operator and the device user agree on the name to use for the device.
2. The ACM operator provides the ACM URL or hostname to the device user.
The ACM appliance IP address or hostname is visible in the web browser's navigation bar from any
ACM client window.
3. The ACM operator navigates to the Add Paired Device panel.
a. If the operator is:
l
Pairing a device only, click > Paired Devices.
l Adding a new door as an ACM Verify Station, click on Add Paired Device in the
Door: Add New screen. For more information, see Parameters tab (Avigilon) on
page 277.
b. Enter the name to identify the device, such as "User Name's Smartphone" and click Generate PIN.
Provide the 4-digit PIN to the device user. The PIN is valid for 10 minutes.
5. The ACM operator waits until the device is paired and then clicks .
To remove a pairing from the ACM appliance, click for the device.
You must be an ACM user to use ACM Verify on your device. To set up a device for ACM Verify, see
Configuring ACM Verify™ Virtual Doors on page 276.
To use ACM Verify:
1. Use the URL or web link in your web browser provided when your device was set up to launch
ACM Verify from your web browser.
Note: If your device is paired to the ACM user, always use the same browser.
2. If the Access Control Manager login page is displayed, enter your ACM Login and Password.
ACM Verify is displayed and the Virtual Stations you can use are listed.
3. Tap to open a virtual station.
A prompt to enter PIN codes appears.
4. Anyone wanting to access the location you are controlling must enter a PIN code on your device and
tap Submit.
l If the virtual station is managed, the user's picture and name displays, and you are prompted to
grant or deny access.
l If the virtual station is unmanaged, access is granted if the code is valid.
l If the PIN code is incorrect or invalid, a message that access is not granted displays.
Note: ACM supports only the Schalge and Von Duprin® devices in Supported Devices on the next
page in IP/PoE mode. Other device models might not operate correctly.
Tip: If you are installing Schlage Wi-Fi locks, see Offline Wi-Fi Mode Installation on page 292.
System Overview
Figure 5: ACM System organization for Allegion Schlage® IP/PoE wireless locks
2 ACM appliance
3 Encrypted connection provided by the Schalge ENGAGE site that the ENGAGE gateway is
commissioned to (the site is created in ACM)
4 ENGAGE gateway panel that supports up to 10 IP-connected devices in any combination using IP
(410-IP)/PoE (Power over Ethernet) mode of operation, or ASSA ABLOY Aperio IP hub panel that
supports up to 64 IP-connected devices.
5 Schlage IP wireless locks including mobile-enabled and Allegion Von Duprin remote undogging
(RU) and remote monitoring (RM) exit devices
Supported Devices
Ensure the physical configuration of the device matches the configuration in the ACM application as follows.
Allegion Von Duprin remote undogging (RU) and remote monitoring (RM) devices
Note: Before you begin, obtain the ENGAGE login account information. For more information, see
Schlage documentation.
After you add the ENGAGE site for an IP-connected lock, see Step 2: Configuring Gateways for IP Wireless
Locks below.
After you add the ENGAGE site for an offline Wi-Fi lock, see Step 2: Setting Up Communication to Offline Wi-
Fi Locks on page 293.
c. Click .
d. Contact your support representative to enable the Debug checkbox, if needed.
5. Click to save your changes. The entries are displayed on the Configure tab.
6. Click the Host tab.
7. Enter:
IP Address The IP address of the gateway or hostname of the device.
Installed Enables communication between the ACM appliance and installed device after
saving.
After gateway communication is enabled, any devices linked to the gateway will be displayed in the following
places:
l On the Status tab of the abovementioned panel page, where the Link Name, S/N (serial number),
Status (of the connection to each device) and Credential Capacity (for each device that supports
credentials) columns are displayed.
l In the Linked Devices field on the door page.
Tip: IP wireless device only. You can save the door without a linked device
and enter it as a post-installation step.
Access Type IP-connected wireless device only. Whether access is located on one or both sides
of the door. Default is Single, which cannot be changed. For more information, see
Access Types on page 215.
Door Mode IP-connected wireless device only. The entry mode for the door when the gateway
is online and communicating with the device. For information about the Unlocked,
Locked No Access and Card Only options, see Door Modes on page 213.
Door modes are device-specific and not applicable to Control locks.
Lock Function None is the default. For more information about the Privacy, Apartment and Office
lock functions, see Adding Doors on page 225
Lock function is device-specific.
Always Mask The Door Forced Open alarms at the door are always masked.
Forced
Always Mask The Door Held Open alarms at the door are always masked.
Held
Door For more information about the Log Grants Right Away, Log All Access as Used
Processing and Detailed Events door processing attributes, see Adding Doors on page 225.
Attributes
Not applicable to Control locks.
After you add a new door, customize other door settings to meet your system requirements. For more
information, see Step 4: Configuring Locking Operation below.
Make sure the Facility Code in Physical Access > Card Formats matches the
facility code on the card. This ensures credential matching occurs during
card operation on the door that uses the card format. For more information,
see Configuring Card Formats on page 323.
Important: Check the credential capacity of the door on the Panel: Status tab before you add
more credentials to the lock.
3. Does not apply to Control locks. Add the device to an access group for assignment to identities and
their tokens.
On the Panel: Status tab, the Credential Capacity count for the door is updated.
When a person presses the push bar, the door is Unlocked. While the door is unlocked,
you will see the Open and Closed states as the door is opened and closed.
l
To lock the RU device in Closed door state and Unlocked door mode, select Door Action
> Locked No Access.
For more information about controlling doors, see Controlling Doors on page 201. You can also apply door
commands to RU devices in maps. For more information, see Maps - Introduction on page 450.
1. Select Physical Access > Panels to view gateways or offline Wi-Fi locks.
2. View the Device Status in the first column. For more information, see Device Status on page 47.
Ignore the Cards in Use column.
For another way of accessing device status, see Using the Dashboard on page 44.
3. Select the panel.
4. View on the Status tab:
The communications status between the panel and ACM appliance. The current
status of the device is indicated by the background color. For more information,
see Status Colors on page 46.
Note: ControlBM locks are displayed in the ControlBM Locks list only if
the gateway firmware is updated to version 1.62.04 or newer. If the
gateway firmware is not updated, the ControlBM locks are displayed in
the Control Locks list. Lock functionality still works with the exception of
the Update Firmware capability.
Offline Wi-Fi lock only. Hover your mouse over the firmware version to view more
details.
Tip: You can also view events using Monitor > Events. For more information, see
Monitoring Events on page 28.
4. Click the Access tab to view the access groups, roles and identities that have permission to edit or use
the door (not applicable to RU and RM exit devices):
Access Groups The name of the access group. Click the link to edit the access group.
Roles The roles that the access group is a member of. Click the + or - icon next to
each role to show or hide the identities in the access group through the role.
Identities The users who are members of the access group.
Panel Date The date and time when the event occurred.
Priority The priority of the event. The highest priority is 1 and the lowest priority is
999.
Event The name of the event.
Last Name The last name of the person who generated the event.
First Name The first name of the person who generated the event.
Card Number The internal token number assigned to the person who generated the event.
Message Any messages that are associated with the event.
For more information, see Managing Door Access on page 112.
5. Click the Transactions tab to view the events and alarms that have occurred at the door:
Access Groups The name of the access group. Click the link to edit the access group.
Roles The roles that the access group is a member of. Click the + or - icon next to
each role to show or hide the identities in the access group through the role.
Identities The users who are members of the access group.
Panel Date The date and time when the event occurred.
Priority The priority of the event. The highest priority is 1 and the lowest priority is
999.
Event The name of the event.
Last Name The last name of the person who generated the event.
First Name The first name of the person who generated the event.
Note: Ensure the ENGAGE gateway and ACM have access to the internet.
Note: To update the firmware of ControlBM locks, gateway firmware version 1.62.04 or
newer, is required.
Note: For offline Wi-Fi locks, the firmware version update does not occur immediately. It occurs at
the next communication interval to the ACM application. Each offline Wi-Fi lock has its own interval
setting which is dependent on the timing of its initial communication with the ACM system.
Generating Reports
For Schlage IP wireless devices.
You can generate the Door Configuration Report and Transaction Report by selecting Reports.
Note: ACM supports only the Schalge devices in Supported Devices below in offline Wi-Fi
mode. Other device models might not operate correctly.
Note: ACM appliance failover is not supported for offline Wi-Fi locks due to the connection method.
Offline Wi-Fi locks initiate calls to the ACM appliance, as opposed to the ACM appliance initiating the
connection for wired locks. However, manual failover to a standby ACM appliance is supported. To
enable automated failover for offline Wi-Fi locks, organizations may choose to follow standard
practices for network DNS failover in their infrastructure. The details of configuring automated
failover depend on individual network architectures.
Supported Devices
Ensure the physical configuration of the device matches the configuration in the ACM application as follows.
Note: Before you begin, obtain the ENGAGE login account information. For more information, see
Schlage documentation.
After you add the ENGAGE site for an IP-connected lock, see Step 2: Configuring Gateways for IP Wireless
Locks on page 283.
After you add the ENGAGE site for an offline Wi-Fi lock, see Step 2: Setting Up Communication to Offline Wi-
Fi Locks below.
1. On the External Systems page, click the Schlage tab and enter:
After a lock is externally commissioned, the lock automatically appears in the ACM application as a door and
a panel.
After this step, see Step 3: Configuring Offline Wi-Fi Lock Operation below.
See also:
l Deleting Offline Wi-Fi Locks on page 297
Make sure the Facility Code in Physical Access > Card Formats matches the
facility code on the card. This ensures credential matching occurs during
card operation on the door that uses the card format. For more information,
see Configuring Card Formats on page 323.
Important: Check the credential capacity of the door on the Panel: Status tab before you add
more credentials to the lock.
On the Panel: Status tab, the Credential Capacity count for the door is updated.
1. Select Physical Access > Panels to view gateways or offline Wi-Fi locks.
2. View the Device Status in the first column. For more information, see Device Status on page 47.
Ignore the Cards in Use column.
For another way of accessing device status, see Using the Dashboard on page 44.
3. Select the panel.
4. View on the Status tab:
The communications status between the panel and ACM appliance. The current
status of the device is indicated by the background color. For more information,
see Status Colors on page 46.
Clock Resynchronizes the clock time of the gateway or offline Wi-Fi lock when clicked.
See Updating Panel Time on page 179.
Last comms The date and time of the last message that was communicated between the panel
and the ACM appliance.
Offline Wi-Fi lock only. The date and time of the last communication between the
lock and the ACM appliance.
Note: ControlBM locks are displayed in the ControlBM Locks list only if
the gateway firmware is updated to version 1.62.04 or newer. If the
gateway firmware is not updated, the ControlBM locks are displayed in
the Control Locks list. Lock functionality still works with the exception of
the Update Firmware capability.
Offline Wi-Fi lock only. Hover your mouse over the firmware version to view more
details.
Note: Ensure the ENGAGE gateway and ACM have access to the internet.
Note: To update the firmware of ControlBM locks, gateway firmware version 1.62.04 or
newer, is required.
Note: For offline Wi-Fi locks, the firmware version update does not occur immediately. It occurs at
the next communication interval to the ACM application. Each offline Wi-Fi lock has its own interval
setting which is dependent on the timing of its initial communication with the ACM system.
If a lock is deleted in the ACM application, it will reappear as a new door at the next communication interval to
the ACM application. A lock that is not deleted in the ACM application, but deleted in the ENGAGE
application, will appear as an offline lock in the ACM application. Changing the site must be done in the
ENGAGE application.
Note: Doors must be created in the SALTO system before you use the ACM system. Every time you
add or delete doors in the SALTO system, remember to manually sync them with ACM as described
in Step 3. In addition, identities and their tokens must be managed in the ACM system and requires
using encoder hardware for some door modes, as described in Step 5.
System Overview
Figure 6: ACM system organization for SALTO ProAccess SPACE doors
1 ACM applications, including identity (badging), administration, video surveillance and alarm
monitoring
2 ACM appliance
3 Encrypted connection provided by the SALTO Host Interface Protocol (SHIP) integration
4 SALTO ProAccess SPACE server (referred to as SALTO server; supports up to 2048 installed
doors), SALTO ProAccess SPACE Configurator application, SALTO encoder hardware
6 SALTO JustIN Mobile access technology and mobile credentials, physical keycards
Prerequisites
SALTO Server Installation and Configuration
Contact your integrator to install and configure the SALTO ProAccess SPACE server.
Note: Operators need to understand how to use SALTO security configuration, such as key
revalidation, door open mode and timed-based configuration, before using the ACM system. See
Understanding SALTO and ACM Door Configuration on the next page.
For general, new or updated instructions about the registration, installation and configuration of
SALTO systems software and hardware, refer to SALTO systems documentation. The following
instructions are based on using SALTO ProAccess SPACE software version 6.2.3.1.
Note: The above steps assume you are running Windows 10. If you are running
Windows 7 Service Pack (SP) 1, upgrading to Windows 10 or enabling Transport Layer
Security (TLS) in Windows 7 SP 1 is recommended. For more information, see the steps
at Microsoft.com (support.microsoft.com/en-ca/help/3140245/update-to-enable-tls-1-1-
and-tls-1-2-as-default-secure-protocols-in-wi).
Prerequisites 299
used for communication between SALTO and ACM systems.
3. In the SALTO ProAccess SPACE software version 6.2.3.1, configure the user ID:
a. Click the URL which is displayed on the SERVICE PORTS panel.
For example: https://hostname:portnumber/ProAccessSpace/
b. Select the Advanced tab on General options.
c. Add the SHOW_EXT_ID parameter and set the value to 1.
d. Select the Users tab and click the button next to User ID configuration.
e. Add ($FirstName) ($LastName) ($EXTID) in the Content field and click OK.
Important: The ($EXTID) macro must be used to ensure uniqueness of the First Name
and Last Name combination.
For information about ACM door configuration, see Door Modes on page 213, Step 3: Syncing Doors with the
SALTO Server on page 304 and Step 4: Installing and Configuring Doors on page 304.
Office - Office
Toggle - Toggle
Holiday Calendar*
‡ The Escape and Return mode settings are not applicable to SALTO online and standalone doors that are
installed with a control unit (CU).
In the SALTO ProAccess SPACE software version 6.2.3.1, configure the lock mode:
Note: You can search for Escape and Return events in ACM event monitoring.
For more information about SALTO Ethernet encoder configuration, refer to SALTO systems documentation.
Supported Devices
The ACM application is mapped to the physical configuration of SALTO doors as follows.
Note: Before you begin, set up the required SALTO server and hardware. For more information, see
SALTO systems documentation.
After the external system is saved, the SALTO server automatically appears in the ACM application as a
panel.
Note: Every time you add or delete doors in the SALTO system, remember to sync them with
the ACM system.
The other fields are read-only and cannot be changed. For more information, see SALTO Panel Status
on page 180.
After doors are imported, see Step 4: Installing and Configuring Doors below.
Note: Doors must be created in the SALTO system before you use Door Mode, Custom Mode and
Custom Schedule in the ACM system.
To enable communication to the SALTO door after syncing with the SALTO server:
Note: If a message (red text) is displayed indicating the need to update the door mode, make
sure the Door Mode, Custom Mode and Custom Schedule fields are selected. You need to
set supported door modes in the ACM appliance.
If you add a door to a zone or remove a door from a zone in the SALTO system, allow up to
five minutes for the door to be added or deleted (respectively) in the ACM system.
c. Click to save.
4. Return to Physical Access > Doors.
l In the Device Status column, you will see:
Online with control unit door. Normal, Uninstalled, Communication, Unlocked, Battery, Tamper,
Forced, Held or Synchronization.
Standalone door. Normal, Uninstalled, Battery or Synchronization.
For more information, see Device Status on page 47.
l In the Door State column, you will see Unknown change to:
Online door. Open, Closed, Emergency Open or Emergency Closed.
Standalone door. Offline.
Online or standalone door with no control unit. Closed or Emergency Open.
For more information, see Controlling Doors on page 201 and Maps - Introduction on page 450.
l In the Door Mode column, you will see:
Online and standalone doors. Card Only, Card and Pin, Toggle, Office or Keypad Only.
Online or standalone door with no control unit. Unlocked or Locked No Access.
For more information, see Door Modes on page 213.
5. Select and edit door configuration as required:
(The Alt Name through Installed fields can be edited on the Parameters and Cameras tabs. For these
field descriptions, see Adding Doors on page 225.)
Door Mode: The entry mode of the door after syncing with the SALTO server and installing the door.
For more information, see Door Modes on page 213.
Custom Mode: Another entry mode of the door that is time-based (see Custom Schedule), which can
be Unlocked, Card and Pin, Office, Toggle or Keypad Only (same as Door Mode). If Keypad Only is
selected, Keypad Code is displayed. You can enter up to 8 digits.
Custom Schedule: A predefined time when Custom Mode becomes active. If you need to add a new
schedule, see Adding Schedules (Intervals in Schedules) on page 395.
Always Mask Forced: If selected, Door Forced Open alarms at the door are always masked.
Always Mask Held: If selected, Door Held Open alarms at the door are always masked.
Detailed events: Enables the reporting of event details, such as Door Mode, after syncing and
installing the door.
Do Not Log Rex Transactions: Disables logging of request-to-exit transactions.
Note: Before you start, make sure you have access to encoder hardware before you create the
identity and token in the ACM system. In addition, make sure an access group and identity are
created in the ACM system. For more information, see Adding an Access Group on page 112 and
Assigning an Access Group to a Role on page 115.
If your SALTO network supports SALTO mobile credentials, make sure all identities download and
install the SALTO JustIN Mobile app.
1. Select Identities > Identities and click Search to select an identity already created.
If you need to add an identity, see Adding an Identity on page 69.
2. Click the Tokens tab and enter:
Token Type SALTO
Mobile Application Type Default is None.
JustIn Mobile refers to the SALTO JustIN Mobile application that is
installed on the mobile phone of the identity.
Mobile Phone Number The mobile phone number in international format (plus sign and no
spaces).
+ country code, area code, phone number
Example: +12345678910
3. Click to save.
The Download and Assign Key buttons appear.
4. Edit the token and click Assign Key to assign a key to the token as follows:
For a physical key:
Note: Updating some of the token configuration requires you to re-encode (referred to as re-edition
or re-edit) the key. Therefore, make sure you have access to encoder hardware before you start.
Canceling Keys
To cancel a key that was assigned to a token:
Note: A canceled key cannot be used throughout the SALTO system. For more information, refer to
SALTO system documentation.
Typically, this action is done after system restore. For more information, see also Restoring Backups on
page 368.
Note: Locks must be created in the Lock Configuration Tool (LCT) and doors must be created in the
DSR software before you use the ACM system. Every time you add doors in the ASSA ABLOY
system, remember to manually sync them with ACM as described in Step 2. After door sync, the
doors must be edited and managed in the ACM system.
System Overview
Figure 7: ACM system organization for ASSA ABLOY IP-enabled locks
1 ACM applications, including identity (badging), administration, video surveillance and alarm
monitoring
2 ACM appliance
3 Encrypted connection provided by the ACM appliance certificate and ASSA ABLOY DSR server
configuration using Transport Layer Security (TLS)
4 ASSA ABLOY Door Service Router server, DSR Support Tool and Lock Configuration Tool
applications
Typically, Wi-Fi locks are battery-powered (referred to as the Battery Powered lock type in ACM),
and if configured with an external power supply, can have the real-time communication
capabilities of hard-powered PoE locks (referred to as the External Powered lock type in ACM).
Prerequisites
Contact your integrator to install and configure the ASSA ABLOY DSR software and LCT application.
Note: Integrators can download the required vendor software and the Access Control Manager™
System Integration Guide for ASSA ABLOY Door Service Router and Lock Configuration Tool in the
Avigilon Partner Portal (avigilon.com/software-downloads).
Prerequisites 312
Supported Devices
The ACM application is mapped to the physical configuration of ASSA ABLOY IP locks as follows.
Note: Before you begin, set up the required DSR and LCT software and IP lock hardware. For more
information, see the Access Control Manager™ System Integration Guide for the ASSA ABLOY Door
Service Router and Lock Configuration Tool. For information about the number of DSRs supported
by the ACM system, see Supported Devices above.
Important: The encrypted connection to the ACM system must be enabled in the DSR software.
4. Click to save your changes. The entries are displayed on the Configure tab.
(The Name and Physical Location fields can be edited on the Configure and Host tabs. The other
fields are read-only and cannot be changed.)
5. Click the Host tab.
6. Enter:
IP Address The IP address of the gateway or hostname of the device.
Access Port The port that receives events from the DSR. Default is 8443.
Callback Port The port that receives callbacks about events or statuses on the DSR. Default is
9001; range is 0-65535.
Note: The callback port must be unique for each DSR, if you are
installing multiple DSRs on the same ACM appliance.
After configuring the panel, see Step 2: Syncing Doors with the Door Service Router below.
After doors are synced, see Step 3: Installing and Configuring Doors below.
Note: Doors must be created in the ASSA ABLOY system before you use Door Mode, Custom Mode
and Custom Schedule in the ACM system.
To enable communication to the ASSA ABLOY door after syncing with the DSR:
Lock Function None is the default. Privacy: When the interior lock button is pressed, the door
will lock and the exterior lock will not grant access to any token. To unlock the
door, the interior lock button must be pressed again or exit the room.
Always Mask If selected, Door Forced Open alarms at the door are always masked.
Forced
Always Mask Held If selected, Door Held Open alarms at the door are always masked.
Detailed events Enables the reporting of event details, such as Door Mode, after syncing and
installing the door.
Do Not Log Rex Disables logging of request-to-exit transactions.
Transactions
Make sure the Facility Code in Physical Access > Card Formats matches the
facility code on the card. This ensures credential matching occurs during card
operation on the door that uses the card format. For more information, see
Configuring Card Formats on page 323.
Important: Before you add more credentials to the lock, refer to the DSR software for the
available credential capacity. Credential capacity is dependent on the lock model.
Configuring Areas
An area in the ACM system defines a physical location within a secured site that requires additional access
control. This area can be relatively small, like a lab or a store room; or large, like a collection of buildings.
Areas often incorporate one or more doors with their attached inputs and outputs. You can define areas to
track badge holder location, for example in a mustering scenario, or to control access to specific areas, for
example in an anti-passback configuration to limit user access within a building or facility.
Note: Do not confuse areas with partitions. A partition is a separate administrative access zone
within the ACM system. An area is a physical location that requires additional access control.
For example, an anti-passback configuration can be used in a laboratory facility to restrict access to a specific
room.
The laboratory is divided into Area A and Area B. To secure Area B, only lab personnel who are permitted into
both Area A and B can access the lab in Area B. To allow this, the doors are configured as follows:
l The door between the smaller room in Area A and Area B is configured as Out of Area A/Into Area B. It
is the entry door for Area B.
l The door between the larger room in Area A and Area B is configured as Out of Area B/Into Area A. It
is the exit door for Area B.
l The right-side of the double door when entering Area A is configured as an Into Area A door.
l The right-side of the double door when exiting Area A is configured as an Out of Area A door.
Lab personnel with permission to enter Area A are admitted through the right side of the double door when
they swipe their entry card on the door reader. The ACM system records they are "Into Area A". Lab
personnel with permission to enter Area A and Area B can then enter Area B at the door between the smaller
room in Area A and Area B when they swipe their entry card on that door's reader. The ACM system records
they are "Out of Area A" and "Into Area B". After they have entered Area B, they can exit from the other door
to Area A. The ACM system records they are "Out of Area B" and "Into Area A". Lab personnel exiting Area A
swipe their entry card on the reader on the right side of the double door. The ACM system records they are
"Out of Area A".
Adding Areas
1. Select Physical Access > Areas.
2. From the Areas list, click Add Area.
3. Enter a name for the area.
4. Select the appliance that will maintain the area details.
5. Select the Enable Area checkbox to activate the new area.
6. Fill in the other options as required.
7. Click .
The new area is added to the Area Listings page.
Editing Areas
1. Select Physical Access > Areas.
2. Click the name of the area you want to edit.
3. On the following page, make the required changes.
If you want to change the doors that are connected to the area, you must do so from the door's
Operations page.
4. Click .
Deleting Areas
1. Select Physical Access > Areas.
2. From the Areas list, click for the area you want to delete.
3. When the browser displays a pop-up message to ask Are you sure?, click OK.
EOL Resistance
End-of-line (EOL) resistance refers to the resistance levels that must be maintained for input points. Input
devices used with doors often measure circuit resistance in ohms. This measurement is used to determine
the normal resistance level. If the resistance drops across the circuit, an alarm is sent back to the ACM
application.
For example, if resistance for a particular device has been set at 2000 ohms and the circuit's resistance
suddenly drops to 1000 ohm, an alarm is issued by the application.
1. Select Physical Access > EOL Resistance. Make sure the Mercury tab is selected.
2. Select the EOL Resistance definition that you want to edit.
3. On the following page, make the required changes.
Select a mode from the list of custom LED modes to modify its settings. The Mercury LED Mode Table
<number> page is displayed. For more detail, see Editing LED Modes on the next page.
Before making any changes ensure that the related doors and subpanels are correctly configured and wired,
including:
Editing LED Modes
1. Select Physical Access > Mercury LED Modes.
2. Select a Mercury LED Mode table.
3. Review the table details. For any door State, any of the following can be updated:
l Change the color that displays when the state becomes:
o Active in the On Color column.
o Inactive in the Off Color column.
Select the color from the list.
l Change the duration that the color displays when the state becomes:
o Active in the On Time (1/10s) column.
o Inactive in the Off Time (1/10s) column.
The time is in 1/10th second ticks.
l To edit the number of times the LED blinks (where this is possible), enter the new value in the
Repeat Count column.
l To edit the number of time the blinking is accompanied by a sound (where this is possible),
enter the new value in the Beep Count column.
4. Click Save.
Note: The actual output from the selections below (in terms of colors and beeps) may vary from
those selected depending on panel, reader type and configuration. For more information about the
colors supported, refer to the reader manufacturer documentation.
Beep Count The number of beeps to sound when the related state becomes active.
Restore to Default Click to restore the selections for all states to their default setting.
Mercury Security has 3 built-in LED modes. The following tables describe the settings for each mode.
Figure 8: An example of the default settings for LED modes
Important: A panel that is configured to accept the Large Encoded card format can not accept
ABA Mag or Wiegand formats. However, the panel can only accept up to 16 distinct Large Encoded
card formats. Conversely, a panel that can accept any combination up to 16 of both ABA Mag or
Wiegand formats cannot accept any Large Encoded card formats.
Corporate card mode enables you to create batches of unique card numbers using different facility codes
and the same range of internal card numbers. For example, two batches of 26-bit Wiegand cards can have
facility codes 55 and 105 (respectively) and the same 1400-19999 internal card numbers. The facility code
that is inserted at the start of each card number string can be used to grant access and then easily viewed in
Monitor Events and Transaction Reports.
When the Offset value is set to zero (0), the card number is always
read from the card.
Corporate card mode A checkmark to enable the combination of values entered in the
Facility Code and Offset fields, and the card number read from the
card, to produce unique card numbers that the readers at different
facilities will recognize.
Example: 55 x 10000 + 1400 = 551400
To enter other card format options, see Card Format Fields on page 327.
2. Click .
3. Repeat the above steps for another facility code.
Example: 105
4. When the cardholder swipes the token that is configured with Corporate card mode, the cardholder is
granted access to the door.
3. Click .
When a cardholder swipes the token that is configured with an issue level, the cardholder is granted
access to the door. If an issue level that is not configured is swiped (for example, any issue level that is
not 123), the following door event is generated in the log: "Valid card with an incorrect issue level."
4. If the card number needs to be reused, repeat step 2 and increment the issue level number.
5. When the cardholder swipes the token that is configured with the updated issue level, the cardholder
is granted access to the door.
The new card format is displayed in the Card Formats list and can be assigned to doors in the system.
4. Click to save the changes and download the updated card format information to all panels and
door subpanels that are assigned the format.
The deleted card format is removed from all affected doors as soon as the updated card format information is
downloaded.
l Wiegand—for other card types, including proximity cards and smart cards.
l Large Encoded—for internal numbers that are larger than 64 bits. For example, 128-bit
and 200-bit cards need the 32-character Federal Agency Smart Credential Number
(FASC-N) or Card Holder Unique Identifier (CHUID) for PIV-I cards. Large Encoded card
formats are used with FIPS 201 compliant pivCLASS readers.See Appendix: pivCLASS
Configuration on page 529.
The option you select will determine which of the following options are displayed.
ABA Mag options
Facility The facility code of the card format.
Code
Offset The offset number for the card format. In ABA Mag card formats, the offset value is added to
the card number read from the card and the result is used as the card number for the access
request.
Max Digits The maximum number of digits for the card format.
Min Digits The minimum number of digits for the card format.
Facility The length of the facility code in digits.
Code
Length
Facility The starting location of the facility code in the number string.
Code
Location
Card The total length of the card number on the card.
Number
Length
Note: When Corporate card mode is enabled, the Facility Code Length and
Facility Code Location values also need to be specified.
When the Offset value is set to zero (0), the card number is always read from the card.
Number of The maximum number of bits this card format can have. If the Reverse card bytes option is
Bits available for this card format type and it is enabled, the value entered here must be a multiple
of 8.
Even Parity The length of the number string that will have even parity.
Length
Even Parity The starting location of the number string that will have even parity.
Location
Odd Parity The length of the number string that will have odd parity.
Length
Odd Parity The starting location of the number string that will have odd parity.
Location
Facility The length of the facility code in digits. This value must be specified if Corporate card mode
Code is enabled.
Length
Facility The starting location of the facility code in the number string. This value must be specified if
Code Corporate card mode is enabled.
Location
Note: If this mode is used with Corporate card mode, the reader will read the facility
code from the card and use it to calculate the offset. The Facility Code Only door
mode cannot be used when the Suppress facility check checkbox is used.
Corporate A checkmark to enable the combination of values entered in the Facility Code and Offset
card mode fields, and the card number read from the card, to produce unique card numbers that the
readers at different facilities will recognize.
Note: When Corporate card mode is enabled, the Facility Code Length and Facility
Code Location values also need to be specified.
You cannot create events but you can customize the existing system events to monitor what you are most
concerned about.
Events can be made into an alarm when they are assigned to an alarmed Event Type. For more information,
see Event Types - Introduction on page 400.
1. At the top of the Event list, enter the name of the event in the Name field.
Tip: Use any series of letters and numbers to search for the events you want to see.
You can also use the drop down list options to specify that the name of the event Starts With, Equals,
Contains or Ends With your search term.
2. If you know the event type that is assigned to the event, select one of the options in the Event Type
drop down list.
3. Click Search.
The alarm priority is assigned to events on the Event Edit page or the Event Type Edit page.
All possible tints and variations of this color appear to the left in the tint area.
The new color you have selected appears on the right side of the horizontal bar above the
color element fields. The original color appears to the left.
b. To fine-tune the color, click within the tint area.
A cross appears. Drag the cross through the area to determine the exact color you want.
indicating the exact tint and shade you have selected like the following example:
7. Click to save.
Global Actions
Global actions allow you to perform one or more actions simultaneously at a large number of doors
connected to more than one panel. These actions can be triggered in the following ways:
l Manually, from the Global Actions list.
From the browser or ACM Expedite mobile app.
Note: Fields in this list are dependent on the door or device. Some commands or fields are
not supported for all doors or devices.
Tip: Use Shift + Click to select items in sequence. Use Ctrl + Click to select individual items.
5. Click to save.
After defining all your global actions, proceed to Global Linkages to create a sequence of actions.
3. Click to save.
Note: Only Access Group Install/Un-Install, Action Group, Door Grant, Door Install/Un-install, Door
Mask and Door Mode are applicable for ASSA ABLOY external-powered doors. Door Grant and Door
Mode are not applicable for ASSA ABLOY battery-powered doors. Any locks that do not support
real-time communication with a server, will not display door mode options on the Doors list page and
maps. Door mode can be set on the Door: Edit page and by using a batch job (specification).
Type Description
Access Group Install/Un- One or more designated access groups to be installed or uninstalled.
install
Action Group A group of global actions to be run.
DMP Intrusion Area For DMP intrusion panel only. All available commands for intrusion areas.
DMP Intrusion Output For DMP intrusion panel only. All available commands for intrusion outputs.
DMP Intrusion Panel For DMP intrusion panel only. All available commands for intrusion panels.
DMP Intrusion Zone For DMP intrusion panel only. All available commands for intrusion zones.
Door Grant Entry to be granted at one or more designated doors.
Door Install/Uninstall One or more doors to be installed or uninstalled.
Door Mask Alarms to be forced to a mask or unmask state at one or more designated
doors.
Door Mode The door mode to be applied to one or more designated doors.
Email The email addresses of the recipients of global action notifications
Exacq Soft Trigger Exacq video integration only. A soft trigger to be run on the Exacq camera
system.
Input Bosch intrusion panel only. One or more designated inputs to be masked or
unmasked.
Intrusion Area For Bosch intrusion panel only. All available commands for intrusion areas.
Intrusion Output For Bosch intrusion panel only. All available commands for intrusion outputs.
Intrusion Point For Bosch intrusion panel only. All available commands for intrusion points.
Output For Bosch intrusion panel only. One or more designated outputs to be activated
or inactivated.
When the related event occurs in the ACM system, the corresponding point will be triggered at the intrusion
panel, and control over the event (for example,. silencing an alarm) can be made by intrusion panels.
It is best to set this action up with a single area as different combinations of arming and disarming could leave
the door unexpectedly locked or unlocked.
Alarms and access will be accessible from the keypad and from the Monitor > Bosch Intrusion Status >
Areas section of the ACM system.
Note: Keypad access will be limited by the tokens assigned to the identity.
To allow a scenario where entry to an area by a valid card access disarms an intrusion area based on the
badge holder's intrusion authorities, follow the steps below:
1. Create a global action to disarm an area. Action type of 'Intrusion Area', Subtype 'Primary Disarm' and
the relevant areas as the Members.
2. Create a global linkage to door access events.
l Devices tab: Door as the Type and the target doors as Members.
l Events tab: Local Grant.
l Actions tab: Disarm All.
Areas can be armed and disarmed from the keypad (depending on the tokens assigned to the identity) and
from the Monitor > Bosch Intrusion Status > Areas section of the ACM system.
For example, you could lock down an entire building simply by issuing a single trigger. At a more
sophisticated level, you can use global linkages to plot a complex scenario, like a sally port or a man trap, in
which a series of doors are opened in sequence, inputs associated with those doors are sequentially masked
and unmasked, and cameras are turned on as each door is opened.
Global linkages allow you to plan a cascade of triggers and their resulting actions with only a single code
entry or command.
Mustering
In emergency situations, employees and other personnel in your building may be required to gather at
specific locations so emergency response teams can work quickly to ensure that everyone is safe. For
example in a fire drill you may be asked to wait at a specific spot, or muster station, until the drill is over. This
would be the same spot you would gather in an actual fire.
To help track the location of users in emergency situations, Access Control Manager offers the Mustering
feature. Mustering allows you to create a dashboard to quickly monitor who has arrived at their muster station
and who is still in danger during emergency situations.
Mustering - Requirements
To use the Mustering feature, you must configure each muster station and give users access to it in the ACM
system.
e. Click .
4. Create an access group that includes all the doors in the muster station area.
5. Assign the access group to a role that would need access to the mustering area.
Tip: Create a role for each mustering area. If users physically move locations within an
organization, they can be easily assigned to new mustering stations without impacting their
primary role in the system.
6. Assign the role to each identity that would need access to the muster station.
Next, create a dashboard to track identities as they arrive at the appropriate muster station in emergency
situations.
The dashboard can be a simple list of all the Mustering areas, or it can be configured into color coded shapes
for quick identification.
You can add a dashboard to any map, or you can create a blank map to host the dashboard.
Note: Depending on how your dashboard is set up, your map may look different. Dashboard
elements may appear as a line of text or as a shape with text inside.
Each dashboard element is labeled in this format: <# people> <Area Name>. The title of each
dashboard element displays the total number of people that are in the grouped area, and listed below
the title is a list of each area within the group.
As people move from one area to the next, you can track who is still in the danger area and who has
arrived in a safe area.
3. Click a dashboard element to display a list of all the people who are in an area.
Click the name of a person on the list to go to their Identity page. The Identity Edit page will tell you the
last door and area this person accessed.
Note: Confirm the location of the person before you reset their actual location in the system.
4. Click .
After you have connected your appliance to the network, you can further customize and set up your
appliance to meet your system requirements.
Deleting an Appliance
Appliances may need to be deleted in certain cases. If you want to disconnect an appliance that is no longer
needed, delete it from the system before physically removing it. If you want to take an appliance that is being
used for replication or redundancy and use it as a primary appliance, the appliance must be deleted first.
2. From the Appliance list, click beside the appliance that you want to delete.
3. When the confirmation message is displayed, click OK.
Important: The ACM 6 license format is different from previous versions. You will need to upgrade
your license format if you upgraded from ACM 5.12.2 to ACM 6.0.0 or later in order to add new
licenses. Replication features, including failover, will not function if your license format is not the
same on both the primary and standby appliances.
The replication feature allows two or more appliances to be set up to share a single set of LDAP configuration
data, so that the appliances can share identities and other system details. Any change made to configuration
data on one appliance is automatically copied (“replicated”) to the other appliances. This is referred to as a
“Peer to Peer” configuration. In this configuration, each appliance “owns” the hardware installed on it, and
events and status information sent from that hardware can only be viewed on the hardware owner appliance.
All panel hardware added in a replicated environment must be assigned upon creation to one of the available
Peer to Peer appliances. A panel and its subpanels cannot be split across multiple appliances, but is installed
on one of the Peer appliances.
Tip: It is recommended that replication be set up on all appliances before adding panels, other
hardware or user details to the system. After replication is configured, it is possible to configure
system hardware and identity information from one of the replicated appliances on the network
rather than having to connect directly to each individual appliance to make changes to its installed
hardware. However, it may be necessary to perform a download of the hardware configuration from
the appliance where the hardware is installed in order to update the hardware with the latest
configuration data changes made from another appliance.
Each Primary appliance can only be assigned one Standby appliance, but the same Standby appliance can
be assigned to more than one Primary appliance. However, if two or more Primary appliances fail at the same
time, the Standby appliance will replace the first appliance that it knows is offline (if configured for automatic
failover), and will not be available for failover of the other Primary appliances while it is standing in.
Automatic failover
Automatic failover is controlled by the Standby appliance by monitoring the health of the Primary appliance. If
a Primary appliance is found to be unresponsive by the Standby appliance within a set period of time, the
Standby appliance will automatically initiate failover of the Primary appliance and will begin to control the
hardware installed on that Primary appliance, and will begin to receive events and status from this hardware.
There are two settings that control automatic failover - Heartbeat count and Heartbeat time. The Heartbeat
count is the number of health checks the inactive hot standby appliance makes to see if the active primary
appliance is alive. If this number of failures occurs in a row, the hot standby will do an automatic failover. The
Heartbeat time is the time between health checks (regardless of if the previous check was successful or
failed).
It is not necessarily possible to calculate specifically how long it would take to failover. It is not simply a matter
of multiplying the Heartbeat count by the Heartbeat time (for example Heartbeat count of two and Heartbeat
time of 30 seconds does not necessarily mean failover in about one minute of the primary going down,
however one minute would be the best/shortest case). This is because the time it takes each check to fail
may depend on a network time-out in the case of the hot stand by machine no longer having network
connectivity to the primary machine. Typically, a worst case network time-out is approximately two minutes -
however this may possibly vary. A health check may also fail immediately depending on network
considerations/status.
It is recommended to set the Heartbeat count to at least a value of two so that a short network glitch does not
cause a premature failover. A Heartbeat count of two and a Heartbeat time of 30 seconds should typically
ensure that a failover is initiated within one to about five minutes of the primary going down.
Read through all of the following procedures before configuring replication and redundancy. If any detail is
unclear, contact Avigilon Technical Support for more information before you begin.
If you only have one appliance in your system, replication is not possible. In this situation, performing periodic
backups is the recommended method of ensuring appliance recovery after a failure.
Once replication is set up, any identity or other system configuration data that is added to or edited on one
appliance is automatically copied to the other appliances. Be aware that each appliance will be responsible
for their connected panels, subpanels, and other hardware. Configuration and viewing of all system hardware
is possible from any replicated Peer appliance, but you will not be able to see the hardware status or events
from any appliance other than the one the hardware is installed on.
When more than two replicated Peer appliances exist, it is recommended that Peer to Peer replication be set
up in a mesh formation, where every Peer appliance has links (“subscriptions”) to all of the other Peer
appliances. This allows system configuration to be performed from one Peer appliance and have the details
automatically replicated to all the other Peer appliances, while providing multiple paths for this data to
replicate among the participating appliances. The exception to this is a Standby appliance, which only needs
to have replication subscriptions with its Primary appliance.
Note: Up to 99 appliances can be connected together for Peer-to-Peer replication, and this limit
includes any Hot Standby appliances in the environment.
1Lightweight Directory Access Protocol is an open, industry standard application protocol for accessing and
maintaining distributed directory information services over a network. An LDAP database in the Access
Control Manager system typically includes user details, connected hardware details, events, alarms and other
system configuration details.
When configured and in standby mode, the Standby appliance is essentially a blank appliance that only has
basic system settings. The Standby appliance has its own configuration for appliance related attributes such
as host name, ports, time zone (etc.), but it does not have any hardware configuration of its own. It only has
that hardware data which is replicated from the Primary appliance that owns it. When a Standby appliances
takes over for a Primary appliance, the operating system settings on the Standby appliance (such as host
name and IP address) do not change to match the Primary appliance’s settings. Instead, the applications
running on the Standby appliance begin to service the records (including doors, panels, video servers,
collaborations and so on) previously controlled by the Primary appliance. Note that this requires a different
URL for clients to be able to access the Hot Standby appliance – this is not handled automatically by the ACM
system.
If one Primary appliance (1) exists for everyday operations and one Hot Standby appliance (*) is available, set
up the Standby appliance to subscribe to and receive replicated configuration data and transactional data
from the Primary appliance. If the Primary appliance fails, the Standby can automatically step-in and maintain
daily operations.
If more than one Primary appliance exists for a Hot Standby appliance, the Hot Standby appliance still
remains separate from daily operations but must receive replicated configuration and transaction data from
all Primary appliances it is configured to failover for. Be aware that the Standby appliance can only stand-in
for one failed Primary appliance at a time.
Note: The default port must be used for Allegion Schlage locks.
o LDAP Connect Port / Replication Subscription LDAP Port (should be a unique, open TCP port
that nothing else uses). This is a TCP port used for Open LDAP replication between appliances.
o Event Replication Port (default 6052). Once a Primary/Standby appliance relationship is
established, the Primary appliance will automatically transfer event transactions to the Standby
appliance so event data will be available when a failover occurs. Connectivity is required for
both Primary and Standby appliances using the Event Replication Port (this is a TCP port used
for open SSL socket communication).
o Replication Failover Port for heartbeat (default is NONE but should be a unique, open TCP port
that nothing else uses). This is a TCP port (used for open SSL socket communication) defined
on the Primary appliance only. The Standby appliance uses it to communicate with the Primary
to check its health status in order to determine if an automatic failover is required, if monitoring
Note: You can have up to 99 appliances connected together for replication, including any
Standby appliances configured for failover.
l Software updates. When software updates are installed, they should be installed on all appliances in a
timely manner (i.e. one after the other). Note that the appliance with address 1 should always be the
first appliance in the environment to have software upgrades applied to it, as any LDAP schema and
data changes (adding deleting system records, massaging of data) involved are performed there and
replicated out to the other appliances. The other non-address 1 appliances will not have these LDAP
schema changes applied by the upgrade, so it is essential to upgrade the address 1 appliance first.
The remaining appliances can be upgraded in any order once the address 1 appliance is back online
after its upgrade completes.
l Recommended SMTP settings. The SMTP settings configure which mail server should be contacted to
send out email and which account should be used. This is configured separately per appliance. When
the Primary and Standby appliances are physically separated, sometimes by considerable distances, it
is recommended to assign local mail servers for each. A mail server must be set up on both Primary
and Standby appliances if you want to send email notifications for failover and failback occurrences.
l Web Server Port – The port number for accessing the appliance web service.
l LDAP Connect Port – The port number for accessing the LDAP database on the appliance.
This port will be used by replication to update LDAP data and will be used when other
appliances are added to the replicated environment.
The appliance will automatically restart if changes are made to the above fields and saved.
l Web Server Port – The port number used for accessing the appliance web service.
l LDAP Connect Port – The port number used for accessing the LDAP database on the
appliance. Use the same value as the replication address 1 appliance if possible.
Note: Do not select this checkbox if the appliance will not be used as a Standby.
d. Identity Password: enter the same password as used in the primary appliance.
e. Event Replication Port: enter a port number that will be used to replicate data to the primary
appliance. Default is 6052.
f. Other Fields in Replication Settings section: leave Initial Retry Time, Initial Retry Count, Last
Retry Time, Last Retry Count, Timeout, Network Timeout, and Keep Alive at their default values.
These will only need to be adjusted in consultation with Avigilon Technical Support to resolve
replication problems.
Always add the replication subscription to the first (replication address 1) appliance while logged into the
second appliance and from the Hot Standby’s Replication tab. As the second and subsequent appliances first
subscribe to and receive replicated data from the first (replication address 1) appliance, the existing LDAP
database on each subscribing appliance is overwritten by the replicated data from the first (replication
address 1) appliance, so that each subscriber appliance has its LDAP data properly initialized.
Note that this overwrite of the subscriber LDAP database only occurs when the first subscription is added on
a subscribing appliance. Subsequent subscriptions created on this subscriber appliance do not perform the
overwrite of LDAP data that the first subscription, as the database is already initialized. This is why it is
recommended that replication (and redundancy if used) is set up for each subscriber before adding
hardware, user identities or system configurations to avoid data being overwritten and lost.
Do not add the first replication subscription to the address 1 appliance, or all configured data on that
appliance will be overwritten as part of the initialization process described above.
1. Log in to the secondary or standby appliance. You must use the "admin" user name and password or
you will not be able to make changes to the Replication tab.
The Replication Setup Process Log is automatically displayed if this is the first replication subscription. Click
the Continue button that is displayed.
Now, complete the following tests to confirm that replication is functioning correctly.
Testing Replication
After setting up replication between a two or more appliances, complete the following procedures to confirm
that replication was set up correctly.
Once the Replication Subscription is complete, open a browser for each appliance that is set to replicate to
After you have the browsers open, display the Appliance Replication page for the appliances. Confirm that
the following settings are the same for all appliances:
Note: The Status and System Entries area are only displayed if the primary and subscribing
appliance details are accessed together.
l Under the Status area, 1 and 2 are listed in the RID column. 1 should be the primary appliance and 2
should be the secondary or standby appliance. There may be other numbers listed if you have more
appliance subscriptions.
l Confirm that the date and time listed in the CSN column is the same for all appliances.
l Under the System Entries area, there should be at least one entry to show that the primary appliance
has replicated data to the other appliances.
l
When you click > Appliance, the Appliance list should be displayed and list all appliances.
1. Make a small change in the primary appliance. For example, update an address for an identity.
2. Access a subscribing appliance and check if you can see the change.
3. Make a small change in the subscribing appliance. For example, update an address for a different
identity.
4. Access the primary appliance and check if you can see the change.
If the changes you made appear in both appliances, then replication was set up successfully.
Note: Do not perform this procedure until after replication has been correctly set up. This step
assumes that the checkbox for Hot Standby on the Appliance tab has been checked for the
appliance serving as the Hot Standby appliance.
1. Log in to the primary appliance. This procedure can only be performed on the primary appliance.
Note: A Heartbeat Count of two and a Heartbeat Time of 30 seconds should typically
ensure that a failover is initiated within one to about five minutes of the primary going
down. For more information, refer to Configuring Replication and Failover on
page 343.
e. Heartbeat Count: Enter the number of failures in a row before the secondary appliance takes
over for the primary appliance.
Tip: It is recommended to set this to at least two so that a short network glitch does not
cause a premature failover.
You can specify the email addresses to which notifications are sent for each event, or you can configure a
custom event type for the three events and specify the email addresses to which notifications are sent for the
event type.
1. To specify email addresses to which notifications are sent for each event:
a. Click Physical Access > Events to open the Events Listing page and search for the three
events. Tip: Search for events containing "Appliance".
b. Open the first event. The Event: Edit panel opens.
c. Enter one or more email addresses in the Email field. Separate email addresses with commas.
d. Click .
e. Repeat for the remaining events.
2. To create an event type for the three events and then specify email addresses to which notifications
are sent for the event type:
a. Click and then Event Types to open the Event Types panel.
b. Click the Add Event Type button. The Event Type: Add panel appears.
c. Enter a name for the Event type. Complete the other options as required.
d. Enter one or more email addresses in the Email field. Separate email addresses with commas.
e. Click .
f. Click Physical Access > Events to open the Events Listing page and search for the three
events. Tip: Search for events containing "Appliance".
g. Open the first event. The Event: Edit panel opens.
h. In the Event Type option, select the new event type from the drop-down list.
i. Click .
j. Repeat for the remaining events.
Important: Call Avigilon Technical Support before you attempt to remove or delete the replication
and failover settings.
Depending on your system configuration, it may require careful planning before you are able to successfully
disable replication and failover on your system. To avoid possible data loss, contact Avigilon Technical
Support to help guide you through the process.
In an unplanned system outage, the system will automatically failover. In a planned system outage, you can
manually failover an appliance so that the system can continue to run. Once the original appliance is ready to
come back online, you can tell the replacement appliance to failback and allow the original appliance to
resume normal operations.
Automatic Failover
If the Monitor On option is enabled in the Primary appliance's Failover Settings area on its Replication tab, the
Hot Standby appliance will automatically try to communicate with the Primary appliance periodically. If the
Primary appliance does not respond in the set amount of time, the Hot Standby appliance assumes that the
Primary appliance has failed, and automatically takes-over for the Primary appliance.
If the Monitor On option is disabled in the appliance's failover settings, the Primary appliance will simply fail
and the Hot Standby will not stand-in unless it is manually told to do so.
To check if a Primary appliance has failed-over to a Hot Standby appliance, confirm the following details:
l You are unable to connect to the primary appliance through the web browser.
l When you log in to the Hot Standby appliance, you see that the Hot Standby has started logging
hardware events on its Event Monitor screen.
Hot Standby appliances do not have any connected panels or other hardware until they take over from
a Primary appliance, so there should not be any hardware events listed on the Event Monitor screen
unless the Hot Standby appliance has stood in for its Primary appliance.
l When accessing the Appliance > Replication page on the Hot Standby appliance, it is listed as Active:
Yes beside the name of the inactive Primary appliance.
Manual Failover
If there is a planned system outage, like an appliance upgrade, you may want to have the primary appliance
manually failover to the standby appliance so that the system can continue to function while the upgrade
occurs.
In anticipation of a planned system outage, Monitor On failover option should be disabled so that a Primary
appliance does not failover until it is instructed to do so.
After a few moments, the Active status will change to Yes beside the Primary appliance that the Hot Standby
has replaced and the Take Over button is replaced by the Fail Back button. Notice that once the standby
appliance has replaced an appliance, it cannot be set to take over for another Primary appliance until after it
Failback
After a failover has occurred, you can set the standby appliance to failback once the primary appliance is
ready to return to normal operations.
Failback 364
1. Log in to the Hot Standby appliance.
2. Access the Appliances > Replication page.
3. In the Failover Settings area, click the Fail Back button next to the failed over Primary appliance.
For the Primary appliance, this section contains information about the last row of Postgres transactional data
replicated from the Primary to its Hot Standby, including rowid of record in basetrx table (Last Trx ID), date
that transaction occurred (Last Trx Date), the last attempted replication time (Last Attempt Time), and its status
(Last Attempt Status). For the Hot Standby this information is displayed for the Postgres transactional data it
has, with transaction data displayed for the last transaction replicated to the Hot Standby for each Primary it is
backing up.
Note: You cannot add or remove an Ethernet port from the appliance but you can add virtual ports.
4. Click Save.
Note: If you assign or change the IP address, make sure that any switches or routers connected to
the appliance recognize the changed address. To do this, perform one of the following:
If the switch or router is not able to detect the appliance's new IP address, you may need to manually update
the switch or router. Refer to the switch or router documentation for more details.
5. Click Save.
6. Repeat this procedure to add all the routes that are required.
6. Click Save.
Backups
You can configure backup events to generate backup files of the configuration and transaction databases of
the ACM system. The backup files can be used to restore information if an appliance's configuration or
transaction data ever becomes corrupted. They are used to retain data, especially transactional data, for
regulatory purposes.
Configuration and transaction data are separately backed up. Backup events can either be scheduled on a
daily or weekly frequency, or manually started. Backup files can also be encrypted, which may be required to
protect data that is retained for regulatory purposes.
Configuration data, which includes identity information (including photographs, data, and tokens), can
generate large backup files. Backups should be generated regularly, and at the very least, following changes.
In the event of a catastrophic failure, an up-to-date configuration backup enables the ACM system to be up
and running again much faster.
Transactional data, which is generated while the ACM system is active, can be retained in backup form to
meet any applicable regulatory requirements, and can be generated to meet data retention policies.
Note: Configuration data (including tokens) and transactions data must be backed up separately.
Backups 367
4. Select the preferred Backup Type.
Some of the settings change to match the selected backup type.
5. From the Data Type drop down list, select Configuration or Transaction.
6. Click Browse to select where the back up files will be stored.
7. Optionally, in the Schedule area, select the days of the week when the back up will occur then enter
the preferred backup time in 24 hour format. Leave the schedule options blank for a backup that can
only be manually started.
8. Click Save.
Note: When you are using the Local Drive backup type, the previous backup file is
overwritten. For all other backup types, the file is added to the configured Location.
Restoring Backups
If the appliance's configuration or transaction data ever becomes corrupted, you can restore the data from a
backup.
Start with the most recent backup prior to the data being corrupted. The restored data will overwrite all the
configuration or transaction data.
Restored configuration data won't be downloaded to the panels immediately. After the backup is restored,
verify that the restored data for panels is correct. For example, identities (or door schedules, or overrides and
so on) that you deleted after the backup was created may have to be deleted again, and identities that you
added after the backup was created may have to be added again. Then, manually download the restored
verified configuration data to each panel in your system. For more information about downloading panels,
see Resetting Doors Connected to a Subpanel on page 178.
As well as restoring backups from your ACM appliance, you can restore backup files:
l From other ACM systems, or that were created using backup events that are no longer on your
system. For more information, see Restoring Backups From Other Backup Events on the next page.
Backups created in versions prior to the ACM software release 5.12.2 may not be compatible with later
To restore a backup file created on your ACM appliance (other than one created by a Local Drive backup
event that has been downloaded to the default Downloads folder of your local workstation):
Note: See Downloading All Tokens on page 310 if you have restored an ACM appliance that is
connected to a SALTO server.
Note: It is also possible to restore backups from earlier releases of ACM systems. However, backups
created in versions prior to the ACM software release 5.12.2 may not be compatible with later ACM
versions.
1. Identify the name of the backup event used to create the backup:
a. Locate the backup file that you want to restore. The filename format is <backup event name>-
<date: yyyyMMDDHHMMSS>.
b. Note the name of backup event that is embedded in the file name.
2. In the ACM Client software:
Tip: After you have restored the backup file, rename the backup event to its
previous name if you want to continue to use it as before.
Important: The name of the backup event must match the backup event name
embedded in the filename of the backup file.
c. The selected file is copied to the appliance and replaces the existing configuration or
transaction information on the appliance.
Logs
Appliance logs are automatically generated to monitor communications between panels and devices.
The appliance logs are automatically generated and monitor the communications between panels and
Logs 370
devices. They can be used to help diagnose appliance issues.
Log details are displayed in chronological order. The earliest log event is displayed at the top, and the most
recent is displayed at the bottom. The full text of the log is displayed. Each log is different because of the
different activities that are tracked by the log. The name of the Appliance and the Log file are displayed at the
top of the screen for each log.
Software Updates
Software updates are available for download and installation.
Once you've downloaded the latest version of the software, you can install the update to the appliance from
any browser on the network.
1. From the Appliance Edit page, select the Software Update tab.
Report Trx backlog The count of event transactions waiting to be processed for reporting.
Report Audit The count of system and user audit events waiting to be processed for
backlog reporting.
File Name The name of the update file currently available to this appliance.
Size (Bytes) The size of the update file in bytes.
Upload Date The time and date when this update file was uploaded to the appliance.
2. Upload the latest version of the Access Control Manager software to the appliance.
a. Click Add Software Update.
b. Click Choose File and then locate the latest software file that was downloaded.
c. Click to upload the file to the appliance. It may take several minutes for the upload to
complete. Do not navigate away from the page during the upload or the upload is automatically
canceled.
3. When the software file is uploaded to the appliance, click next to the filename.
4. When the confirmation message is displayed, click OK.
A self-signed Secure Socket Layer (SSL) certificate identifies and secures the communication between an
ACM appliance, your browser and the external services that interact with the appliance. The appliance
certificate and web client certificates will encrypt communication to ensure that only the expected receiver
can read the communication.
Update the default self-signed SSL certificate that is shipped with your ACM appliance with your certificate or
a certificate provided by your certificate signing authority. ACM allows you to create a new certificate, or
create a certificate signing request and then upload it.
Note: If you are using FIPS-certified ciphers, ensure the Use FIPS 140-2 compliant ciphers only
setting is enabled before you upload a certificate. For more information, see Enabling FIPS 140-2
Encryption on ACM Appliances on page 529.
Certificates installed on ACM may affect Allegion Schlage® lock operation, and therefore, must
comply with Allegion Schalge lock requirements. For more information, see Schlage documentation.
The default web server port in ACM must also be used. If your appliance is using a custom certificate,
Allegion Schlage Wi-Fi locks will require you to upload the proper CA certificate. For more
information, see Step 2: Setting Up Communication to Offline Wi-Fi Locks on page 293.
Note: To provide maximum security strength for your ACM system, ensure the certificate meets the
U.S. government's National Institute of Standards and Technology (NIST) Special Publication 800-
131A (SP 800-131A) standard.
If your ACM appliance to ACC integration deployment is having trouble connecting, review the
certificate requirements for the two systems. You may need to update the certificate on the ACM
appliance to resolve the connection issues between the two systems.
5. Click .
6. When the Download CSR and Download Private Key links appear, click them to download both files
to your local drive.
7. Send the certificateRequest.csr file to your signing authority to obtain a signed certificate.
Note: Protect your csrPrivatekey.key file and make sure that it is accessible only to
trusted administrators.
View the ACM appliance version and licenses, and add or upgrade licenses, on the About tab in
> Appliance:
Adding a License
When you first install an ACM 6 system, you will need to license the system to use its features. Add additional
Online Licensing
If you have Internet access, use online activation. Otherwise, see Offline Licensing below.
Offline Licensing
Offline licensing involves transferring files between a computer running the ACM system and a computer with
Internet access.
In the ACM system:
1. Go to activate.avigilon.com.
2. Click Choose File and select the .key file.
3. Click Upload.
Important: When reactivating a site cluster, upload all the deactivation .key files first and
then the single activation .key file at last.
Removing a License
You can deactivate individual licenses and activate them on a different system.
Online Licensing
If you have internet access, use the following procedure. Otherwise, see Offline Licensing below.
Offline Licensing
Note: You need a licensing. avigilon.com account. Contact your organization's Technical Contact for
access.
Offline licensing involves transferring files between a computer running the ACM system and a computer with
Internet access.
In the ACM system:
Important: When reactivating a site cluster, upload all the deactivation .key files first
and then the single activation .key file at last.
Note: If your system is licensed for more than the maximum number of readers, you will not be
eligible for an upgrade license. You can continue using your existing system, or contact sales to add
more features.
If you do not upgrade your license format, you can continue to use your existing features. However, you will
not be able to license new features.
Important: If you use the replication and failover features of the ACM system and you choose to
upgrade the license format you must upgrade the license format on both the primary and standby
ACM appliances. Replication features, including failover, will not function if the license format is not
the same on both appliances. Complete the following steps on both appliances.
Note: Any date fields in Collaboration files (e.g. Last Access, Expire Date, Activate Date, Issue
Date) will display as blank if there is no information recorded for that field. The Force Password
Change field does not apply to collaborations.
Adding a Collaboration
For the types of collaboration available in the ACM application, see Supported Collaborations on page 387.
To add a collaboration:
Identity CSV one-time Long format Delimiter; Text Qualifier; Date Format; CSVFile
Identity CSV one-time Short format CSVFile
Identity CSV Recurring Include Primary Photo; Location Type; Host; Port
Number; User Name; Password; Location;
Delimiter; Text Qualifier; Date Format; Domain
Name (Windows Share)
Identity LDAP pull Host; Bind DN; Password: Port Number; SSL,
Validate Certificate
Identity Oracle RDBMS pull Host; User Name; Instance; Port Number;
Password
Identity SQL Server pull Host; User Name; Database; Port Number;
Password
6. Click Save.
The Collaboration: Edit screen appears.
7. Navigate through the tabbed pages and fill out the details as required.
8. Click Save.
4. Click Save.
The message 'Collaboration entry was successfully created' displays on the Collaboration: Edit screen.
5. Click the Events tab.
6. Complete the following fields:
Schedule Select a Schedule for when the XML events collaboration will be
active.
Send Acknowledgments Select this checkbox to include acknowledgments.
Send Clears Select this checkbox to include clears.
Send Notes Select this checkbox to include notes created by Alarm Monitor
operators when processing alarms.
Note: Hold the SHFT key down and select the first and last entries to select multiple
consecutive entries. Hold the CTRL key down to select multiple non-consecutive entries.
8. Click Save.
XML Definition
<plasectrxGatewayDN> An internal reference for the ACM appliance that
cn=544de4aa06914073,ou=gateways this XML came from.
,dc=plasec
</plasectrxGatewayDN>
<cn>38901f4a95d14013</cn> The unique row identifier for this particular event.
Corresponds to the ID column in the history tables.
<plasectrxRecdate>20140610055028-0700 Time the event was logged into the ACM system
</plasectrxRecdate> history – adjusted for ACM local time.
<plasectrxPanel date>20140610085028-400 The UTC time the event actually happened. It is the
</plasectrxPanel date> timestamp of the event being reported up from the
field hardware. Adjusted for field hardware local
time.
<plasectrxRecdateUTC>20140610125028Z Time the event was logged into the ACM system
</plasectrxRecdateUTC> history.
<plasectrxPanel dateUTC>20140610125028Z The UTC time the event actually happened. It is the
</plasectrxPanel dateUTC> timestamp of the event being reported up from the
field hardware.
<plasectrxLastacc> Last Access time and date of the Token that is
19700101000000Z</plasectrxLastacc> associated with this event. Example – the last
recorded valid access of the card that was used at
a door causing a ‘Local Grant’ event.
<plasectrxEvtypename> ACM event type category for this event.
Intrusion</plasectrxEvtypename> Corresponds to one of the event types defined in
the ACM system in Settings: Event Types.
<plasectrxBackgroundColor> Color assigned to the event background color (if
</plasectrxBackgroundColor> any) for display in the ACM monitor.
<plasectrxForegroundColor> Color assigned to the event foreground color (if
</plasectrxForegroundColor> any) for display in the ACM monitor.
<EVENT>
<plasectrxGatewayDN>cn=544de4aa06914073,ou=gateways,dc=plasec</plase
ctrxGatewayDN>
<cn>38901f4a95d14013</cn>
<plasectrxRecdate>20140610055028-0700</plasectrxRecdate>
<plasectrxRecdateUTC>20140610125028Z</plasectrxRecdateUTC>
<plasectrxLastacc>19700101000000Z</plasectrxLastacc>
<plasectrxEvtypename>Intrusion</plasectrxEvtypename>
<plasectrxBackgroundColor></plasectrxBackgroundColor>
<plasectrxForegroundColor></plasectrxForegroundColor>
<plasectrxAckBackgroundColor></plasectrxAckBackgroundColor>
<plasectrxAckForegroundColor></plasectrxAckForegroundColor>
<plasectrxSourcealtname></plasectrxSourcealtname>
<plasectrxPointaddress> 750</plasectrxPointaddress>
<plasectrxPointDN>cn=750,ou=points,dc=plasec</plasectrxPointDN>
<plasectrxEvtypeaddress> 5</plasectrxEvtypeaddress>
<plasectrxSourceDN>cn=100,cn=0,cn=9,ou=panels,cn=544de4aa06914073,ou
=gateways,dc=plasec
</plasectrxSourceDN>
<plasectrxSourcetype>40</plasectrxSourcetype>
<plasectrxOperatorname></plasectrxOperatorname>
<plasectrxPri>10</plasectrxPri>
<plasectrxMsg></plasectrxMsg>
<plasectrxIdentityDN></plasectrxIdentityDN>
<plasectrxCardno> 0</plasectrxCardno>
<plasectrxEmbossedno></plasectrxEmbossedno>
<plasectrxLname></plasectrxLname>
<plasectrxFname></plasectrxFname>
<plasectrxMi></plasectrxMi>
<plasectrxIssuelevel> -1</plasectrxIssuelevel>
<plasectrxFacilityCode>0</plasectrxFacilityCode>
<plasectrxExpiredat>19700101000000Z</plasectrxExpiredat>
<plasectrxActivdat>19700101000000Z</plasectrxActivdat>
<plasectrxIssuedat>19700101000000Z</plasectrxIssuedat>
<plasectrxHasCamera>0</plasectrxHasCamera>
<plasectrxHasNotes>0</plasectrxHasNotes>
<plasectrxHasSoftTriggerSet>0</plasectrxHasSoftTriggerSet>
<plasectrxShowVideo>0</plasectrxShowVideo>
<plasectrxSeqno>0</plasectrxSeqno>
<plasectrxIsAlarm>1</plasectrxIsAlarm>
</EVENT>
For definitions of the individual attributes, refer to Collaborations - Events XML Definitions on page 382.
4. Click Save.
Supported Collaborations
Type Description
Identity
Identity CSV Export identities, photos, tokens, groups, and roles to a CSV file.
Export
Note: Only one Local Drive Identity CSV Export collaboration is allowed.
Identity CSV One- Import identities, tokens, groups, roles from a CSV file manually and keep the Access
time Long format Control Manager identity database in sync with changes.
Identity CSV One- Import identities, tokens, groups, roles from a CSV file manually and keep the Access
time Short format Control Manager identity database in sync with changes.
Identity CSV Import identities, photos, tokens, groups, and roles from an updated CSV file and keep
Recurring the Access Control Manager identity database in sync with changes.
Identity LDAP pull Pull identities, tokens, groups, roles from a directory store and keep the Access
Control Manager identity database in sync with changes.
Note: Ensure any individual images to be imported are not over 1MB.
Events
Events - Generic Transmit events in real time using XML.
XML
Events - Splunk Produces messages in Splunk format. Splunk is a log aggregation product.
Note: The maximum file size recommended for unzipped information is 25GB. This maximum
equates to approximately 12,500 identities if each identity has a 2MB photograph, or 6,250 identities
if each identity has a 4MB photograph.
Running a Collaboration
To run a collaboration:
2. Click from the Run column next to the collaboration you want to run.
3. When the confirmation message is displayed, click OK.
Allow more time for the collaboration to run if you are using the SCP or Windows Share location type.
Running the Local Drive location type is faster because network performance is not a consideration.
4. View the ACM identity and token information as follows:
Note: The maximum file size recommended for unzipped information is 25GB. This maximum
equates to approximately 12,500 identities if each identity has a 2MB photograph, or 6,250
identities if each identity has a 4MB photograph.
The general identity collaboration log can be previewed for these types of collaborations:
l Identity CSV Recurring
l Identity LDAP pull
l Identity Oracle RDBMS pull
l Identity SQL Server pull
The following examples show an Identity CSV Export to Local Drive collaboration and a previewed log in the
Identity Collaboration Log....
Figure 19: Example of two collaborations that were run and completed
====================================
====================================
...
====================================
====================================
...
...
Note: The 7-Zip tool is recommended for extracting zipped CSV export files larger than 4GB. The
maximum file size recommended for unzipped information is 25GB. This maximum equates to
approximately 12,500 identities if each identity has a 2MB photograph, or 6,250 identities if each
identity has a 4MB photograph.
Deleting a Collaboration
To delete an existing collaboration:
4. From the Available list, select all the events you want to transfer, then click .
The event is added to the Members list to show that it is now assigned.
To remove an event from the collaboration, select the event from the Members list, then click .
5. Click Save.
A door can be assigned an 'unlock schedule', which specifies a period of time when no credential is required
to access the door. All users have free access during the 'unlock schedule' period. Likewise, a device may be
assigned an 'active schedule', a period during which the device is in operation.
When a panel is not operating as expected, see Panel Events on page 526 for troubleshooting instructions.
Holidays
Holidays are special days in the year when the standard schedule does not apply or a different entry and exit
pattern is observed. New Year's Day and National Day are examples of holidays. The Access Control
Manager is designed to accommodate a large number of diverse holidays.
Note: Holidays are set for a specific day in the year. You need to update the system holidays each
year.
Holidays 394
Name The name of the schedule.
Click the name to edit the schedule.
Mode The mode of the schedule.
l ON – The schedule is constantly on. You do not need to set
specific dates or times for the schedule.
l OFF – The schedule is constantly off.
l SCAN – The schedule follows the date and time set in the
checkboxes.
Delete
Click to delete the schedule.
Add Schedule Click the button to create a new schedule.
Create New Report Click the button to generate a report of all the schedules in the system.
Note: The Advanced Schedule option is not supported for ASSA ABLOY IP doors.
Note: For Mercury Security and ASSA ABLOY IP-enabled doors, the limit is 255
schedules. For Schlage IP/PoE mode doors, the limit is 16 intervals in all
schedules combined. For SALTO doors, the limit is 1024 schedules.
Note: SALTO doors only. If a door is linked to a zone in the SALTO system, do not assign the
access group a schedule that is less than five minutes in duration in the Active and Inactive
fields.
Tip: If a message indicates the Advanced Schedule option cannot be enabled when saving,
do any of the following:
l Save the schedule without Advanced Schedule selected. Some doors only support
basic schedules.
l Find the access groups using the schedule and select another schedule.
Deleting Schedules
Note: When you delete a schedule that is currently used (such as by a door, panel or interlock), all
references to the deleted schedule are replaced by the Never Active schedule.
Adding Holidays
1. Select > Holidays.
2. Click Add Holiday.
3. Enter a name for the holiday in Name.
4. Enter the specific date of the holiday.
Note: For a recurring holiday, create a holiday for each future year.
5. If the holiday spans more than one day, fill out the Additional Days field.
Default setting is 0 for a one-day holiday.
Example: If 01/01/2020 is the date of the holiday and 2 additional days are specified, the holiday
period is January 1, 2 and 3.
7. Click the Preserve schedule days checkbox to specify that only the holiday schedule be activated on
the date of the holiday. Leave unchecked if all other schedules are to be activated on the same date.
The holiday must be assigned to a schedule to control any door settings.
Note: If two holidays on the same date are added with different settings in this field (one is
checked and the other is not checked), the settings of the last holiday added takes effect.
Editing Holidays
1. Select > Holidays.
2. Click the name of the holiday you want to edit.
3. Edit the information about the holiday as required.
Deleting Holidays
1. Select > Holidays.
2. On the Holiday list, click for the holiday you want to delete.
3. When the browser displays a pop-up message to ask Are you sure?, click OK.
Examples
Noted below are two examples of setting up holidays and schedules.
4. Click to save.
Tip: To apply an advanced schedule that supports different holidays for intervals in a schedule,
make sure the Advanced Schedule checkbox is selected. For example, if afternoon team functions
are held over two weeks on a Thursday and Friday (10th and 18th), add the two holidays (10th and 18th
with 7 and 8 types, respectively) and then enter checkmarks for Thu and 7 in one row and Fri and 8
in another row. Save the schedule.
4. Click to save.
A number of event types are defined by default but you can add or delete event types as needed. The default
events are listed below.
Invalid Credential Door Relates to any door event where access is denied
(e.g. Deactivated card attempt, Invalid card
schedule, Access denied – occupancy level
reached etc.).
Maintenance Door Primarily developed to cover events where action
is required outside of the system (e.g. uploads,
Panel
downloads, inconsistencies between panels etc.).
Subpanel
System audit System/ Database Covers events where a record has been added,
deleted or updated by the system.
Credentials
Tamper Door Relates to all tamper events for panels or doors,
including (but not limited to):
Panel
l Area disabled/enabled
Subpanel
l Lock jammed
l Occupancy count reached
l Panel transaction level reached
User audit Door Where a user makes a change in the UI or in REST,
including (but not limited to):
Panel
l APB requests
Subpanel
l Door-related requests
Intrusion Panel l Intrusion panel requests
System/ Database l Records changed in database
Valid Credential Doors Access was granted to an identity that has access
to the door and has swiped the card. For example,
local grant, Opened unlocked door, Facility code
grant, and more.
Video Video Video-related events, including:
l Connection Loss
l Motion Detected
l Video Loss
Note: The Network and Offline lock event types are no longer in use and have been removed from
the ACM system version 5.10.0 onwards.
Note: System default event types cannot be deleted. You can only delete event types that have
been manually added to the system.
User forms provide a drag-and-drop interface for identity management. For example:
Before you begin, add any new user-defined fields. For more information, see Adding and Assigning Tabs to
Identities with User Fields on page 407.
After you add a new form, see Assigning Tabs to Identities with User Forms below.
After one or more custom forms are created, display them to all ACM operator identities or only specific
identities.
Note: Delegations can restrict operators from editing and viewing the list of assignments.
The custom tab will be displayed to all operator identities. To reverse this change, click .
l For any form type:
o To define the operator identities who can view the form, click Assign and select the identities.
Click to move them from the Available list to the Members list. To reverse these changes,
click to move them back to the Available list. Click Save.
The identity, token or custom tab will not be displayed to all operator identities. Only the
selected operator identities can view it.
2. Click next to the name of the form. The button is not displayed if any identities are assigned to
the form.
3. When the confirmation message is displayed, click OK.
To add user defined fields to the Identities page, you must also add a user defined tab to host the fields.
User defined fields can also be used for advanced searching for identities. For more information, see
Searching for an Identity on page 68.
Tip: It is recommended to add a tab and user-defined fields on the Identities page using identity,
tokens and custom forms in a drag-and-drop interface. For more information, see Adding and
Customizing Tabs with User Forms on page 404.
To remove a field from the tab, select the field from the Members list and click .
b. On the following page, select the field from the Members list then click .
The field is removed from the tab and returned to the Members list.
c. Click .
For example, if you want to add departments that are specific to your organization, you would use this feature
to add those options to the Departments drop down list.
Note: Any changes you make to the lists are automatically included in identity-related collaborations.
3. On the User List Edit screen, enter a new list option in the New Value field and click .
4. Repeat the previous step until all the new values you want are listed in Current Values.
3. To add a new option, enter the new option in the New Value field then click .
The new value is added to the Current Values list.
4. To delete a value, select the option from the Current Values list and click .
Before remote authentication can be configured on the ACM appliance, a system administrator with
privileges on all the servers required to support remote authentication needs to:
l Add one or more external domains
l Add one or more AD or LDAP servers to each domain to the system
l Issue root certificates for each domain
l Enable each remote host to present its SSL certificate on connection to the ACM server software
Configuration of the external domain servers and the creation of their root certificates is outside the scope of
this document.
Secure Socket Layer (SSL) certificates are used to verify the remote hosts and to encrypt all the log in traffic
between connected hosts. Only ACM system operators with administrative privilege and the following
delegations assigned to their role can validate SSL certificates:
l External Domains Validate Certificates—delegation required to validate an SSL certificate from a
Windows AD host
l Collaboration Validate Certificates—delegation required to validate an SSL certificate from an LDAP
database host in a Collaboration using the Identity Pull LDAP server collaboration type
You can set up different identities to be authenticated by different domains. Each identity must be configured
to use one of these domains for authentication. This is done in the Account Information: section on either the
Identity: Add or Identity: Edit panel of the given Identity. For more information, see
Note: To provide maximum security strength for your ACM system, ensure the certificate meets the
U.S. government's National Institute of Standards and Technology (NIST) Special Publication 800-
131A (SP 800-131A) standard.
If your ACM appliance to ACC integration deployment is having trouble connecting, review the
certificate requirements for the two systems. You may need to update the certificate on the ACM
appliance to resolve the connection issues between the two systems.
However, a remote server can present its SSL certificate to the ACM server so that an administrator can
Pinning a certificate allows you to trust a certificate that has not been uploaded from a remote server,
however the responsibility for ensuring that the certificate can be trusted is assumed by the ACM system
administrator who pins the certificate. To ensure that an SSL certificate is valid before it is pinned, the ACM
system administrator should compare the SSL certificate at the remote host to the certificate received from
the remote host to confirm the SHA-256 fingerprints are identical.
1. Configure a Windows domain controller. For an LDAP collaboration, TLS encryption must be activated.
2. Obtain the fully-qualified domain name of the DNS server for remote server's domain.
3. Enable AD Certificate Services.
4. Create a root certificate and a Domain Controller Authentication certificate.
1. Configure a Windows domain controller. For an LDAP collaboration, TLS encryption must be activated.
2. Obtain the fully-qualified domain name of the DNS server for remote server's domain.
3. Enable AD Certificate Services.
4. Create a root certificate and a Domain Controller Authentication certificate.
5. Export the Domain Controller's root CA certificate in Base-64 encoded X.509 (.CER) format. (Do not
export the private key.)
Important: Use OpenSSL to convert the file from .cer format to .pem format before you
upload the file to the appliance.
6. Upload the certificate to the ACM appliance. For more information, see Certificate Upload page on
page 422.
6. Click to display the trust level of this domain. The default setting is "Untrusted".
7. Click Validate Certificate.
Note: The Default Domain and Default Server options are not required for remote
authentication.
11. Click .
12. Repeat the previous steps on each ACM appliance in your system that requires remote authentication.
13. Enable remote authentication for each identity that will be logging into the ACM appliance:
a. Open the Identity:Edit page for a user who will be using remote authentication.
b. Under the Identity tab, select the Remote Authentication? checkbox in the Account
Information area.
c. In theLogin field, enter the user's ACM system login name.
d. In the Remote Domain drop down list, select the external domain that you added earlier.
e. In the Remote Login field, enter the user's Active Directory domain identity. Enter the login
name in this format: username@domain.org.
For example: j.smith@motorolasolutions.com
f. Click .
a. Open the Identity:Edit page for a user who will be using remote authentication.
b. Under the Identity tab, select the Remote Authentication? checkbox in the Account Information area.
c. In theLogin field, enter the user's ACM system login name.
d. In the Remote Domain drop down list, select the external domain that you added earlier.
e. In the Remote Login field, enter the user's Active Directory domain identity. Enter the login name in
this format: username@domain.org.
For example: j.smith@motorolasolutions.com
Now, when this user logs in to the ACM Client, they use their network login name and the password.
Note: Certain user settings in > My Account will override the general settings.
Enhanced Access Indicate that this system will use enhanced access levels for Mercury Security panels.
Level Enhanced access levels allow Mercury Security panels to accept more access groups
per token.
After you enable duplicate PINs, the available Door Mode options are:
l Card Only — This door can be accessed using a card. No PIN is required.
l Card and Pin — This door can only be accessed using both a card and a PIN.
l Facility Code Only — This door can be accessed using a facility code.
WARNING — After duplicate PINs are allowed, this cannot be reversed, and you
cannot use PIN Only and Card or PIN door modes. Only enable this option if you have
a specific requirement for duplicate PINs.
Do the following before allowing duplicate PINs to ensure that no doors are in either
PIN Only or Card or PIN door modes:
Note: The system will check Door Policies, Global Actions, Scheduled Jobs,
Panel Macros, and Interlocks to ensure there is no conflict with duplicate PINS
(e.g. doors are in PIN Only mode). If there are any conflicts these will have to
be corrected before allowing duplicate PINs. If there have been any
previously defined linkages, triggers or interlocks that are based on PIN Only
or Card or PIN event types, they will fail to execute.
Badge Template A new value in pixels to change the default height for displaying the ID photo used for
Photo Height
badge templates on the screen then click .
Note: The system will only apply this setting to new identities.
Identity Auto Enable the system to automatically increments the read-only Sequence Number field
Increment Field on the Identity page.
Note: The system will only apply this setting to new identities.
Identity Auto If you enabled Identity Auto Increment, enter the number the system will start counting
Increment Start
from then click .
Note: The system will only apply this setting to new identities.
Identity Auto If you enabled Identity Auto Increment, enter the value the system uses to increment
Increment Step
the sequence number then click .
For example, if you leave the default value of 1, the identity Sequence Number will
count 1, 2, 3 (etc.). If you enter 2, the identity Sequence Number will count 1, 3, 5 (etc.).
Note: The system will only apply this setting to new identities.
Each user with access to the ACM system will be able to set their own language
preferences from the My Account page. For more information, see Setting Your
Preferred Language on page 477.
Click Translate Default Data to translate all of the system default values into the
selected language. It is recommended that you only perform this action once, or your
reports and logs will display values in multiple languages.
Maximum Active The maximum number of tokens that can be active per identity then click .
Tokens
Maximum Login The maximum number of attempts a user has to log into the ACM system before they
Attempts
are locked out, then click .
The user is locked out of the ACM system for 10 minutes and further login attempts will
result in the lockout time increasing. Authorized operators can reset the password to
bypass the lockout.
The title is displayed under the Access Control Manager banner on each screen, and
the title is used for all messages sent by the system.
System Support
The contact details of your Avigilon support representative then click .
Video Windows The maximum number of video display windows that can be open at the same time,
Count then click .
On this panel, define the default domain and server that hosts the Active Directory database used to
authenticate network users. This enables secure connections and encrypted traffic between the AD server
and the ACM servers and its clients. ACM Client users can then use their local domain username and
passwords to access the ACM system.
Feature Description
Default Select a domain from the drop down list.
Domain
Only the external domains that have been added to the system are listed.
Default Enter the name of the default server in the selected domain.
Server
Validate Check this box to enable the system to validate certificates from remote servers before use.
Certificate
The default setting is not checked. Use the default setting only if you do not need to validate
certificates from remote servers.
CAUTION — Risk of security breaches. When certificate validation is not enabled, certificates
are ignored by the ACM server software. Traffic between the ACM appliance and external
domains is unencrypted and can be easily compromised. To ensure secure connections and
encryption of all traffic, enable the Validate Certificate option on the Remote Authentication tab
of System Settings.
Click this button to save your changes.
Create Click this button to generate a PDF of the values on this page.
New
Report
An external domain must be added before you can use remote authentication. For example, to connect the
ACM system to use your company's Active Directory (AD) to authenticate users, you must add the company
domain server to the External Domains Listing.
You can grant remote authentication access to individual badge holders from the Identity page. For more
information, see Identities on page 65.
Click the name to edit the external domain. For more information, see System Settings -
External Domain: Edit page on the next page.
Delete Click to delete the selected external domain.
Add External Click this button to define a new external domain. For more information, see System
Domain Settings - External Domains Add page below.
Create New Click this button to generate a PDF report of the listed domains.
Report
Certificates Click this button to access the Certificate list.
From this page you can upload one or more certificates to give remote browsers access to
the ACM system.
You must add an external domain to connect to a remote server for user validation using your company's
Active Directory (AD), or using LDAP.
Before you validate the certificate presented by the remote server in the external domain, it is recommended
that you find out the value of the SHA-256 fingerprint of the remote server's certificate. Then you can
compare that value to the one in the certificate displayed in the ACM software.
Feature Description
External Domain Enter the name of this external domain. Never append the extension .lan or
.local
New Server Enter the full-qualified domain name (FQDN) of the server in the external domain
and then click.
You can enter the IP address of the server, although this is not recommended as
it is more likely to change than the FQDN.
Display the current trust level of this domain. The default setting is "Untrusted".
Feature Description
External Domain Enter the name of this external domain. Never append the extension .lan or
.local
New Server Enter the full-qualified domain name (FQDN) of the server in the external domain
and then click.
You can enter the IP address of the server, although this is not recommended as
it is more likely to change than the FQDN.
Display the current trust level of this domain. The default setting is "Untrusted".
Certificates that have been uploaded to the system are listed on this page. Certificates are used by browsers
to confirm that systems are safe for users to access.
Feature Description
Name The name of the certificate file.
Size The size of the certificate file.
Upload The date the file was uploaded.
Date
Click this button to delete the certificate.
Add New Click this button to upload a new certificate for this external domain.
Certificates
Listing
Note: To provide maximum security strength for your ACM system, ensure the
certificate meets the U.S. government's National Institute of Standards and
Technology (NIST) Special Publication 800-131A (SP 800-131A) standard.
Tip: The exported certificate must be converted from .cer format to .pem format by a system
administrator on the AD server before it is uploaded to the ACM server.
There must be a certificate for every server that has been added to the system as part of the external domain.
Feature Description
Upload Certificate Click Browse to locate and select the certificate in the Choose File to Upload dialog
file: box.
Click this button to save your changes.
Badge templates define the layout of badges or cards that are used to access doors within your access
control system. They are created by a qualified operator using the Badge Designer. Multiple badge templates
can be defined in the ACM system.
Select > Badge Designer to access the Badge Templates page. From this page, you can add a new
badge template, or select a badge template to edit, with the Badge Designer.
The Badge Designer is used to design the appearance and content on a badge template. You can add
photos, logos, text, and database fields to a badge template and position these elements on the layout. A
badge template can specify colors and fonts depending on the values provided.
For example, if an employee is specified as part-time, the color used for the employee's name can be
changed from black to orange, making it easier for guards to differentiate between full-time and part-time
employees. You can differentiate identities with different access privileges, such as access to certain
buildings on a campus, or specific floors in a multi-tenant office building, using graphics such as company
logos and insignias, or text.
A badge template is used when a badge is generated for a badge-holder to both format the badge and
populate it with data from the Identities database. At least one badge template to assign to identities must be
created before badges can be printed using Identities > Badge. Badges are usually printed when a person
who requires a badge is enrolled into the ACM system using the Identities feature. When printing the badge,
an enrollment officer or administrator specifies a badge template and then generates (prints) a badge. The
badge has all relevant information automatically placed on the badge.
A badge template defines the basic attributes of a badge that are used when a new badge is generated for
an identity: size and background color, plus a variety of dynamic and static fields and images. Dynamic fields
and images pull the unique information about the badge holder from the Identities database for each
individual badge and static objects are the text strings and graphics printed on every badge. For each object,
you can specify its location and appearance.
Field Image
Dynamic DBField: A data field object Picture:: A picture object specifies the
specifies the information about the size and location of the photo of the
identity that you want on the badge, identity on a badge.
such as first and last name, ID
The actual photo used for an identity
number, title, position, rank and so
when a badge is generated is a photo
on.
saved in the Identities database that
was either captured with a badge
camera, or uploaded, and saved.
Static Text: A text object specifies the text Graphic: A graphic object specifies the
that appears on every badge name of an uploaded graphic file
generated with this template. image file that appears on every badge
generated with this template.
You must create at least one badge template before you can print a badge at Identities > Badge. Depending
on the requirements of your site, you may need one or more badge templates.
Note: Badge templates can be designed as either one- or two-sided. A two-sided badge must be
printed by a badge printer possessing duplex (double-sided printing) capability.
Select > Badge Designer to open the Badge Templates page. From this page, click Add Badge
Template or the name of an existing badge template to open the Badge Designer page.
Formatting the Appearance of a Badge Template
Use the canvas data fields that appear at the top of the Badge Designer page to set the size, color, and other
format details. Next to the canvas data fields is the canvas area, with the preview area beneath that show the
All measurements in the Badge Designer are in pixels, at a resolution of 100 pixels per inch, equivalent to 40
pixels per centimeter.
4. Click OK to close the color picker, then click to apply the background color to the canvas and the
preview.
5. Change the value in the Opacity field only if you want the background color to be semi-transparent or
transparent. For example if you are overprinting badge information on a preprinted badge. Click
to apply the opacity to the preview.
Create a Two-Sided Badge Template
2.
Important: Click to save this setting.
To view the back of the badge, at the top of the page, click Back Side. To view the front of the badge,
at the top of the page, click Front Side.
Adding and Editing Objects
You can add four types of objects to a badge template to define the information that appears on the identity
badges generated by this template:
Object Definition
Picture Dynamic. A photo of the identity supplied by the Identities database. You can have only one
photo per side of a badge.
Data Dynamic. An item of information supplied by the Identities database, such as the person's
Field name. You can have many data fields per side of a badge.
Text Static. Text such as a company name, or slogan to appear on every badge. You can have many
data fields per side of a badge.
Graphic Static. Image files such as a logo, insignia or texture, to appear on the badge, uploaded into the
template. You can have many images per side of a badge.
When you add an object, additional fields for that object appear below, and an appropriate placeholder
appears on the Canvas. You can expand and collapse each object in the list to access its field settings.
1. On the canvas you can position any object by clicking and dragging with the mouse.
2. Select the object in the list to edit its settings.
3. Any change you make to the object's field settings are reflected on the canvas.
4. Click beside an object to delete it from the list. Objects deleted from the list are not deleted from
the canvas until you save changes.
5. Click frequently to save changes and show the result in the Preview.
Tip: Add objects to the Canvas from largest to smallest in size. The Canvas displays objects in
the order they are added not by the Layer Order setting, so large objects can obscure smaller
ones. Save the template to refresh the Preview and see the actual result.
Tip: The default dimensions of the photo on the badge displayed on the screen are defined
by the values set on the System Settings page for Badge Template Photo Height and
Badge Template Photo Width and should not normally be altered here. These two settings
ensure that the size of the photo on all badges printed by this badge template are uniformly
sized and have the same aspect ratio.
To accommodate minor variations in the aspect ratio of individual photos without distortion, enable the
Maintain Aspect Ratio option.
See Fields Common to All Objects below and Fields Common to Picture and Graphic Objects on
page 428.
Adding and Editing a Data Field Object
1 is the lowest layer, 2 is in front of 1 and so on. You can reorder the layers by typing over the
value for each object.
Location Click and drag the object on the canvas, or enter the horizontal and vertical coordinates of the
top left corner.
The default setting of 0 x 0 would place the object in the top left corner, while 80 x 160 would
place the object lower and to the right.
Dimensions Modify the default size of the object (in pixels) if needed.
Tip: Do not modify the size of an identity photo object here. It is better to change the
default values on the System Settings page, as this ensures the same aspect ratio is
used for the dropping overlay when photos are taken with a badge camera and
saved in the Identities database.
The first field is the width and the second field is the height.
Rotation Select the number of degrees to rotate this object clockwise from the dropdown list.
Use the color picker to either select a color from the palette or manually enter the color in RGB,
HSV or hex code format.
Opacity Enter how opaque you want the background color to be, in conjunction with the layer order.
The font list includes text fonts and barcode fonts. Text fonts are listed first, then barcode fonts.
Font Size Enter the font size in points. If Auto Resize is selected, this is the maximum font size.
Auto Select this checkbox to have the system automatically shrink the font size to fit the dimensions
Resize of the object.
Alignment Select how you want the text to align inside the object.
Text Color Click this field to choose a font color.
Use the color picker to either select a color from the palette or manually enter the color in RGB,
HSV or hex code format.
1. When you create a badge template, you can add a barcode by using either of the following options:
l Click Add Text to place a static barcode that will be the same for every badge that is generated
from the template.
l Click Add DB Field to place a dynamic barcode that changes to match the detail listed in the
identity record.
2. After you add the badge object, select a barcode font. The available barcode fonts include Barcode 3
of 9, Barcode 3 of 9 Extended, Aztec Code, Code One and more. The font option lists the text fonts
first and then the barcode fonts.
3. Click to save your changes and display the barcode in the preview area.
Note: Many of these barcodes require a specific format or do not accept certain characters. If the
data given to the barcode generator from the Identities database is invalid, the barcode will not be
displayed on the badge.
Badge templates are used to define the layout of badges or cards that are used to access doors within your
access control system. They are created by a qualified operator using the Badge Designer. Multiple badge
templates can be defined in the ACM system.
This page lists all the badge templates that have been added to the system.
Click the name to edit the badge template. For more information, see Using the Badge
Designer on page 423.
Commands
Click to delete the badge template.
The copy of the badge template is automatically added to the top of the list.
Add Badge Click this button to add a new badge template. For more information, see Using the
Template Badge Designer on page 423.
Note: Some external systems may not be available if your system does not have the required
license.
Before you can connect and use the external systems, the external system must be installed and accessible
to the appliance over the local network.
Important: Before you can add any external system, you must first connect a supported device to
your network or server, and then configure the device as described in device documentation. Write
down the device's IP address and onboard URL. For some external systems, refer to an ACM-specific
integration guide that provides installation, connection and configuration instructions.
See also:
l Step 1: Creating an ENGAGE Site on page 293
l Step 1: Connecting to a SALTO Server on page 302
l Step 1: Connecting to a DMP Intrusion Panel on page 447
See also:
l Editing an ENGAGE Site below
For Bosch intrusion panels, click . Associated items such as linkages and actions, and intrusion
To integrate an ACM appliance, a special identity to interact with the ACC software must be created by an
ACM administrator. This identity must be assigned a special role and delegation with specific rights, and a
routing group that specifies the events that the ACC software receives. Only one identity must be created for
this purpose.
As of ACM 5.10.10.2, a preconfigured role and delegation with the necessary rights are available for this
special identity that is suitable for most integration scenarios. The role and delegation are both called
ACC Administrator. However, if this special identity needs additional rights, you will have to modify the rights
associated with the delegation, or configure a new role and delegation. The routing group has to be
configured, and optionally if you plan to import Active Directory identities through ACM, you will have to
configure remote authentication.
If you are using an earlier version of the ACM appliance, you will need to create your own ACC Administrator
role and delegation with the appropriate rights.
Use the following steps to configure an identity to interact with the ACC software:
Note: To protect the security of the connection between the ACM appliance and the ACC
software, the dedicated identity should have only the permissions outlined in this procedure.
Operators should not have access to this account.
l Assign a Last Name, Login, and Password for the identity. Uncheck the Force Password
Change checkbox.
l The password should meet the minimum password strength requirements for your ACC site.
The password strength is defined by how easy it is for an unauthorized user to guess. It is
highly recommended that you select a password that uses a series of words that is easy for you
to remember but difficult for others to guess.
l Under the identity's Roles tab, assign only the role that was created in the preceding step.
6. If your ACM appliance uses partitions, add the identity as a member of the partitions they will need to
access from the ACC Client.
7. Configure the ACM appliance to use the same NTP Time Server as the ACC Server.
For Windows systems, the ACC Server gets its time from the operating system. For Avigilon Hardened
OS appliances, the NTP Time Server can be configured through the device's web interface.
a. In the top-right corner, click the gear icon to open the Setup & Settings menu and select
Appliance.
b. In the Time Server box, enter the Time Server IP address.
Once these settings are applied, an ACC Client can connect to the ACM appliance. For more information, see
the ACC™ and ACM™ Unification Guide (link).
Next time you create a badge, the selected camera is used to take the identity photo.
External Systems - Defining the Badge Camera for the System 434
External Systems - ViRDI
When you select the ViRDI tab on the External Systems page, the ViRDI System Settings page is displayed.
The ViRDI system allows you to use fingerprint readers for access control, and optionally to use additional
authentication to provide two-way or three-way authentication for increased security. Only one ViRDI system
setting can be configured on an ACM server appliance. If a replication server is deployed for this ACM server
appliance, you can also configure ViRDI system settings for the replication server. After the ViRDI server is
installed, ViRDI Biometrics tokens can be created for identities, and the Biometrics Enrollment Manager can
be accessed to register fingerprints and additional authentication methods for ACM identities.
Fingerprints are registered using the ViRDI FOHO2 fingerprint reader, which can be installed at enrollment
stations. The authentication method (one- two- or three-way authentication) used by the reader for these
tokens is configured using the Biometrics Enrollment Manager (BEM).
This page allows you to create or delete the ViRDI system setting on an ACM server appliance.
Feature Description
Appliance The appliance this server is connected to.
Reserved The default minimum and maximum values are displayed. These values can be adjusted to
User meet the requirements of your system, but must be within the initial default range of 1 to
ID Range
99999999.
Note: If you must modify the range, contact Avigilon customer support for guidance.
Requirements:
l ACM version 5.10.10 installed.
l ACM license for Bosch Intrusion.
l Bosch alarm panel B series (35xx, 45xx, 55xx, 85xx, 95xx) D9412, D7412.
Do the following to configure the Bosch alarm panel before you can connect to the ACM appliance:
Note: The Areas, Points, Outputs and Users are created from the panel, as configured in
Bosch's Remote Programming Software (RPS).
In ACM 6.34 and newer releases, is no longer displayed for manual syncing. Allow a few seconds
for the panel information to be automatically synced ( ) in the ACM system.
Note: The panel will be deleted and will disappear from this view.
Note: Areas are not edited in the ACM system. All editing is done in Remote Programming
Software (RPS) and updated through the panel.
Note: Points are not edited in the ACM system. All editing is done in Remote Programming
Software (RPS) and updated through the panel.
Note: Outputs are not edited in the ACM system. All editing is done in Remote Programming
Software (RPS) and updated through the panel.
Note: Users are not edited in the ACM system. All editing is done in Remote Programming
Software (RPS) and updated through the panel. However, users can be associated to
identities tokens. For more detail, refer to Assigning Bosch Intrusion Panel Users to Identities
below.
Note: It may take several minutes to retrieve user information from the panel.
Bosch intrusion panel users can be assigned to identities in the ACM system. This is done in order to allow
users the ability to arm and disarm areas. This can be done:
l on a one-to-one basis (e.g. user 'Jane Smith' is associated to identity Jane Smith), or
l on a one-to-many basis (e.g. user 'Administration Team' is associated to identities Jane Smith, Robert
Jones and Andrew Wilson).
1. Select Identities.
2. Search for the required identity and select it from the list that displays. For more detail, refer to
Searching for an Identity on page 68.
3. Click the Tokens tab.
Note: In order to save the changes on this page ensure that the Embossed Number and
Internal Number fields relating to the identity are completed.
4. In the Intrusion Users: Available the list select the user to add.
Note: The list displays username, ID of the user and panel name for each user. These details
5. Click .
Note: The username, ID of the user and panel name displays in the Intrusion Users:
Members list. To remove an entry from this list, select the member and click to move
the member to the Intrusion Users: Available list.
6. Click .
Panel Details
B3512 Areas: 1
Custom Functions: 1
Keypads: 4
Events: 127
Points: 16
Programmable outputs: 3
RF Points: 8
SKED Events: 1
Custom Functions: 2
Keypads: 8
Events: 127
Points: 28
Programmable outputs: 27
RF Points: 20
SKED Events: 5
Custom Functions: 4
Keypads: 8
Events: 255
Points: 48
Programmable outputs: 43
RF Points: 40
SKED Events: 5
Custom Functions: 6
Keypads: 8
Events: 1,000
Programmable outputs: 3
RF Points: 88
SKED Events: 6
Custom Functions: 32
Keypads: 32
Events: 10,192
Points: 599
RF Points: 591
SKED Events: 80
Custom Functions: 8
Keypads: 16
Events: 2,048
Points: 99
Programmable outputs: 99
RF Points: 91
SKED Events: 40
Custom Functions: 16
Keypads: 16
Events: 1,000
Points: 246
RF Points: 238
SKED Events: 40
Custom Functions: 4
Keypads: 16
Events: 1,000
Points: 75
Programmable outputs: 67
RF Points: 67
SKED Events: 40
Note: Before you begin, configure the DMP intrusion panel using the DMP Remote™ Link software
before you use the ACM system. Every time you add, update or delete panels in the DMP intrusion
system, the updates are automatically synced with ACM. Areas, zones, and outputs are not edited in
the ACM system. All editing is done in the Remote Link software. Identities (and their tokens) must be
managed in the ACM system.
System Overview
Figure 21: ACM system organization for DMP intrusion panel and devices
2 ACM appliance
4 DMP Remote Link software for the configuration of areas, zones, outputs and users
5 DMP intrusion panel and keypad, including panel battery power, AC power, tamper switch, two
phone lines, wireless sensor, and printer, if installed
6 Outputs, including smoke detectors and fire alarms (graphic annunciators), if installed
7 Areas, including devices that are connected to multiple zones (A, B), if installed
For example, zone A can be connected to a wireless sensor and zone B can be connected to a
keypad on a door.
Prerequisites
Contact your integrator to purchase a 1-panel or 10-panel license. More than one license can be installed on
an ACM appliance.
Note: For general, new or updated instructions about the installation and configuration of the DMP
intrusion system and DMP Remote Link software, refer to DMP system documentation. DMP
firmware version 212, or newer, is required.
In the Remote Link software, save the following DMP panel configuration.
Prerequisites 446
A.C. Power Failure Notification
Optional. To change the default A.C. power failure notification setting (default is 1 hour):
Panel Encryption
Remote Key
Supported Devices
The ACM application is mapped to the physical configuration of DMP intrusion systems as follows.
See See - Up to 100 XR150 and XR550 Series intrusion panels in any
external external combination to each license
system system
Support for areas, zones and other items is dependent on the panel
model. See vendor documentation for the limits.
Note: Before you begin, make sure the DMP intrusion panel is connected to the local network.
Next, see Step 2: Viewing an Installed DMP Intrusion Panel and its Areas, Zones, Outputs and Users on the
next page.
Note: Associated items such as linkages and actions, zones, areas, outputs, identity mapping,
5. Click OK.
Step 2: Viewing an Installed DMP Intrusion Panel and its Areas, Zones, Outputs and
Users
On the DMP Intrusion tab of the external system, do any of the following:
l
Type the name of the object in the filter box ( ) to filter the list.
Click the column heading to sort the list.
l If an area, zone, or output should not be monitored, uninstall it by removing the checkmark.
The status changes to No in the Installed column.
l
Allow a few seconds for the panel information to be synced ( ) in the ACM system.
Note: A token can be mapped to only one intrusion user per panel.
1. Select Identities > Identities and click Search to select an identity already created.
If you need to add an identity, see Adding an Identity on page 69.
Tip: Identities are defined by their DMP user name, ID and DMP panel name.
4. Click .
Generating Reports
To generate the Event Report for intrusion systems:
Step 2: Viewing an Installed DMP Intrusion Panel and its Areas, Zones, Outputs and Users 449
1. Select Reports > Reports.
2. Click Event Report.
Note: Enabling the appliance logs requires these delegations: Appliance Log, Appliance Log
Download, Appliance Log Show, and Appliance Log Update. Contact your support representative to
enable the Debug checkbox, if needed.
3. Click .
Maps - Introduction
Maps are a graphical representation of your access control system. Import maps of your facility and populate
them with door, panel, subpanel, input, output, camera and global action alarm points that can be monitored.
Maps are also used to display Mustering dashboard elements. For more information about setting up a
Mustering dashboard, see Mustering - Creating a Dashboard on page 338.
Note: If you enter a size that matches the image's aspect ratio, the map image is re-
sized accordingly. If you enter a size that does not match the image's aspect ratio, the
system centers the image then crops the sides to match the defined setting.
Tip: As you add more items, each icon is automatically added to the top left corner of
the map. It is recommended that you move each icon immediately to avoid losing track
of each item.
b. In the Map Details area, select what the icon represents. Only items that have been configured
in the system are displayed in the drop down list.
5. Repeat the previous step until you've added all the items that are required.
6. To move an item on the map, click and drag the icon to the appropriate location.
7. To edit what an icon represents, locate the item in the Map Details list and select a new option from
the appropriate drop down list.
8. To delete an item from the map, click beside the item in the Map Details area.
9. Click to save your changes. It is recommended that you save frequently. Saving also causes the
page to refresh, so any changes have not been updated in the preview may appear after you save.
For example, say an operator has detected an alarm in a building. His monitor displays the building's map,
showing the alarmed point, but he needs to get a closer look to confirm the exact position of the alarm. To do
this, he clicks which is linked to a floor view. The floor view map appears with a closer view of the alarmed
point. Once he has taken care of the alarm, he can then click to return to the general building map and
12. From the top left corner of the map, move the icon to the edge of the map to show where the
linked map expands from.
Always use the Zoom In icon to link a map with less detail (such as a building or campus) to a map with
more detail (like a floor or room). The Zoom Out icon is meant to link a detailed map to a wider, less
detailed map.
Use this procedure to create a series of links that progressively bore down to greater and greater granularity,
or telescope up to provide a larger view.
Using a Map
Access a map of your site, facility or floor plan from the Monitor page to do any of the following:
l Monitor the status of doors, panels, subpanels, inputs and outputs that are installed. For example, a
mustering station on the third floor of a building.
l Set the door mode and door commands on the map.
Note: Unlike the Physical Access > Doors or Monitor > Dashboard page which displays
l Keep track of identities as they arrive at muster stations from the Mustering dashboard.
Hardware Status
The following indicators are displayed on the map as events occur:
Viewing a Map
To access and monitor your site from a map:
Note: Fields in this list are dependent on the door or device. Some commands or fields are
not supported for all doors or devices.
Icon Description
Doors
Panels
Subpanels
Inputs
Outputs
Cameras
Zoom In
Zoom Out
Global Actions
Map Actions
The actions you can complete on a map are determined by the permissions of your assigned roles.
To... Do this...
Review The colored bar below each item displays an overview of the current
hardware status communication and power status.
l Click the icon on the map to display the control menu.
For more information about the colored hardware status bar, see the specific
hardware status page. For more information about the status colors, see Status
Colors on page 46.
Review an alarm If you see a red alarm indicator, the item on the map is in an alarm state.
l Click the alarm indicator to see the status details.
For more information about alarm actions, see Monitoring Alarms on page 37.
Modify or delete If you see solid blue disk indicator, an active override is in effect on the door. If
an override you see a hollow blue disk indicator, an inactive override is defined.
l Click the indicator to open the Doors: Overrides page to see details.
Respond to a If you see a red bounding box around the status indicator, the door is in Priority
priority situation Mode.
Control a door Click on the map to display the control menu for the selected door.
Note: Fields in this list are dependent on the door or device. Some
commands or fields are not supported for all doors or devices.
Use the menu options to set the Door Mode. For more information, see Door
Modes on page 213.
Use the following menu options to mask or unmask alarms:
l Mask Held — Mask the Door Held Open Alarm.
l Unmask Held — Unmask the Door Held Open Alarm.
l Mask Forced — Mask the Door Forced Open Alarm.
l Unmask Forced — Unmask the Door Forced Open Alarm.
To view live video, recorded video, notes, instructions, identities, and history
click Trace to display the event transactions for the door.
To hide the control menu, click the icon again.
Control a panel Click on the map to display the panel control menu, then for the panel or
or subpanel subpanel use these options:
l Panels
o Download Params — Download the latest system configurations
to the panel.
o Tokens — Download the tokens to the panel.
o Reset/Download — Reset and download the current system
configuration to the panel.
o APB Reset — Resets all panel and area counts to zero.
o Clock — Re-sync the panel time.
o Trace — Display the event transactions for the panel.
l Subpanels
o Trace — Display the event transactions for the subpanel.
Viewing live video, recorded video, notes, instructions, identities, and history can
be performed on the event transactions.
To hide the control menu, click the icon again.
Control an input Click the on the map to display the input control men for the input.
Use these options to mask or unmask the input:
l Mask — Mask the input.
l Unmask — Unmask the input.
To hide the control menu, click the icon again.
Control an Click the on the map to display the output control menu for the output.
output
Use these options to initiate output actions:
l On — Activate the output.
l Off — Deactivate the output.
l Pulse — Pulse the output.
To hide the control menu, click the icon again.
Display video Click the on the map to display the Camera Video window.
Monitor the If there is a Mustering dashboard configured on the map, it may appear as a line
dashboard of text or as a shape with text inside.
The dashboard displays the number of identities in the area and may include the
name of the area. In Example map of a muster station on the third floor on
page 454, the dashboard is the gray square.
Click the dashboard to see a list of all the identities that are in the area. Click
outside the pop-up dialog to hide the identities list. Click the First Name or Last
Name to view the identity.
Your site may have requirements for your ACM system to support your organization's emergency
procedures. Typical emergency procedures might be for potentially life-threatening situations (such as fires,
tornadoes, earthquakes, physical attacks), and hazardous situations (such as chemical spills, gas leaks,
explosions). Your ACM appliance can provide automated access control of doors connected to Mercury
panels in unpredictable emergency and high-priority situations, including lockdowns and evacuations, to
support your organization's existing operating procedures.
Important: The functionality to respond to high-priority situations is not supported by HID® VertX®
panels. If you only have HID VertX doors at your site, the procedures provided for high-priority
situations using the ACM system do not apply. If you have a mix of HID VertX and Mercury Security
doors, do not include HID VertX doors in any group of doors that are associated to your Priority Door
Policies or Priority Door Global Actions.
If you have Mercury Security doors operating with SimonsVoss SmartIntego wireless locks, refer to
SimonsVoss SmartIntego documentation. The ACM lockdown priority operation is superseded by
the Escape and Return state of the SimonsVoss wireless lock when it becomes engaged in a
lockdown situation.
To respond to a priority situation a Priority ACM Operator activates a Priority Door Policy, which is a
specialized Door Policy that is configured to immediately apply a Priority Mode to a group of doors upon
activation. Optionally, the policy can also set the Door Mode of all the doors to a single value, such as Door
Locked No Access for an emergency lockdown.
While a door is in Priority Mode, it is highlighted in red wherever it appears in the ACM client, such as the
Doors listing page and on maps or dashboards. These doors can be controlled only by Priority ACM
Operator, who have a Priority Role that allows them this control. A Priority ACM Operator can issue
commands to individual doors in Priority Mode to allow safe exit of trapped people, to allow emergency
responders in, or to isolate persons of interest, and so on.
WARNING — Risk of loss of functionality. While a priority situation is active, any configuration change
made to the ACM system may have unintended consequences. To avoid this risk during an active
priority situation, do not allow any ACM operator other than the Priority ACM Operator to make (or
approve) any configuration changes, including changes in unaffected partitions. For more information,
see on page 465
Upon deactivation of the policy, the Priority Mode is removed and the doors return to the door mode they are
configured to be in at the time. To secure this functionality from unauthorized access, it can all be isolated in a
secure Priority Partition.
For example, a Priority Door Policy is configured that overwrites only a subset of the door settings. Some of
those settings are set in the base configuration of a door, and some are reset by the non-priority door policy
that is normally in effect at the time the Priority Door Policy is activated. After the priority situation is over and
the Priority Door Policy is deactivated, the currently scheduled non-priority policy is re-activated and applies
its settings.
The priority door policies or other related priority items you configure to support them in the ACM system
must be:
l Aligned with the emergency procedures in effect at your site.
l Securely isolated so that they cannot be interrupted by lower priority activities.
l Regularly tested and rehearsed to ensure they function as expected, and corrected if they do not.
Note: You can configure Priority Door Global Action pairs. However, Priority Door Global Actions
are not recommended; see Limitations of Priority Global Actions on page 467. Priority Door Global
Actions are specialized Global Actions for doors (the first Priority Global Action applies a Priority
Mode, and optionally sets the door mode to a single known value, to a group of doors upon
activation, and the second Priority Global Action restores those doors to the mode they are
configured to be in at the time).
If you have previously used a pair of Global Actions to respond to a priority situation, consider replacing them
with a single Priority Door Policy, as recommended.
Important: A Priority Door Policy is the most secure way to control access with the ACM system in an
emergency situation. It is also more robust than a Priority Door Global Action. A Priority Door Policy
will stay in effect on the doors it is installed on even if:
While a Priority Door Policy or Priority Door Global Action active, only Priority ACM Operator is authorized to
issue commands to doors in Priority Mode can change the door mode on specific doors (for example to allow
safe exit of trapped people, to allow emergency responders in, or to isolate persons of interest). After the
situation is resolved, you can remove the Priority Door Policy or Priority Door Global Action and all the doors
will return to the mode they normally are in at the current time.
Priority Door Policies and Priority Door Global Actions and the associated door Priority Mode are at the top of
the ACM system's priority hierarchy. For information about the priority hierarchy, see Priority Hierarchy on
page 467.
A Priority Door Policy is created in the same way as any other door policy, with specific settings that define it
as a Priority Door Policy. A Priority Global Action is created in the same way as any other global action, except
that it can only be configured for the Door Mode.
To ensure the security of Priority Door Policies, isolate everything required to manage the Priority Door Policy
in a Priority Partition, accessible only to the Priority ACM Operator responsible for managing the ACM system
during an emergency.
The operators, roles and groups associated with Priority Door Policies must be configured to conform to your
organization’s operating procedures:
l Roles to trigger a Priority Door Policy, and the assignment of those roles to operators, must be defined
so that the policy can be activated only in conformance with those operating procedures.
l Door groups that are affected by a Priority Door Policy must be defined so that they cannot be
inadvertently altered.
1. Priority Partition: A specialized partition that isolates all the functionality required for a secured
response to a priority situation.
2. Priority Role: A specialized role for authorized ACM operators responsible for operating the ACM
system during priority situations. The Priority Role must be assigned the following delegations:
l Policies Set Priority to configure a Priority Door Policy.
l Global Action Set Priority to configure a Priority Global Action.
l Doors Commands During Priority to allow manual control of doors in Priority Mode during a
priority situation
3. Priority ACM Operator: An ACM operator authorized to operate the ACM system during
emergencies. This operator is assigned membership of the:
l Priority Role
l Priority Partition
4. Priority Group: A Group that is a member of the Priority Partition that is reserved to associate doors
with Priority Door Policies.
5. Priority Door Policy: A specialized Door Policy that enables the Priority Mode and, optionally, a single
known value for the Door Mode, to be assigned to a group of doors upon activation. A door in Priority
Mode is highlighted in red wherever it appears in the ACM client, such as the Doors listing page and
on maps, while a Priority Door Policy is in effect.
For the procedure on securely isolating a Priority Door Policy, see Configuring a Secure High-Priority
Emergency Response below.
It is recommended that you define as few Priority Partitions and Priority Door Policies as possible. For
example, do not configure multiple Priority Door Policies with the same settings in the same Priority Partition.
To secure your high-priority emergency response using a Priority Partition, complete the following steps:
A Priority ACM Operator can trigger the installation of priority-enabled policy in response to an emergency,
from an ACM monitoring station:
l
From the Policies list, click in the Installed column next to the name of the Priority Door Policy for
the type of emergency.
l From the map associated with the Priority Partition, click on the global action icon for installing the
Priority Door Policy for the type of emergency.
You can also configure or install ways for other users to trigger an emergency response by the ACM system
using Global Linkages. For example you can:
l Issue priority emergency badges to security personnel to swipe at any card reader.
l Install panic buttons wired in to the access control system at strategic locations.
These configurations are complex and should be planned and completed by a skilled security professional
with detailed knowledge of the ACM system.
During the emergency, the Priority ACM Operator can use the ACM client to issue commands to individual
doors in Priority Mode. This allows the Priority ACM Operator to grant access to emergency responders,
provide safe exits for trapped people, or isolate persons of interest.
If there are ACM system partitions not affected by the active Priority Door Policy, normal operations can
continue in those partitions.
While a Priority Door Policy is active, the Priority ACM Operator must ensure that the Priority Partition is
isolated and all activities affecting the ACM system are under strict control. In the Priority Partition:
l Do not allow anyone other than the Priority ACM Operator to use the ACM client in the Priority
Partition, and limit the number of people using the ACM client in any other partitions (if any).
l Do not activate additional Priority Door Policies.
WARNING — Risk of unpredictable results installing multiple Priority Door Policies. If you install a
second Priority Door Policy while one is already in effect, the latest created policy takes precedence,
which may not be the most recently installed policy. To avoid this risk, never activate a second Priority
Door Policy until after the first policy is deactivated.
l Do not allow any configuration, maintenance, or scheduled maintenance operations.
l Do not activate any Priority Door Global Actions.
The Priority Door Policy is active until it is deactivated. Deactivation restores doors to their normal door mode
for the current time.
The deactivation of an active Priority Door Policy can only be completed from an ACM monitoring station,
regardless of how the policy was triggered:
l
From the Policies list, click in the Installed column next to the name of the active Priority Door
Policy.
l From the map associated with the Priority Partition, click on the global action icon for uninstalling the
active Priority Door Policy.
WARNING — There is a risk that, while a Priority Global Action is in effect, doors in priority mode can be
returned to the mode they normally are in at the current time. Any action that interrupts the functioning of the
ACM appliance or the door panels will terminate a Priority Global Action on the doors affected by the
interruption. Some examples of actions that can cause this are:
l Failover of the ACM appliance
l Reboot of the ACM appliance or a door panel.
l Network disconnection, or a site-wide power recycling or outage.
l Change to any door attribute on the Doors editing page while a door is in priority mode.
l Reset/Download from the Panel Status page.
l Scheduled job or global linkage for a door bulk update.
WARNING — There is a risk that not all doors in a large number of doors set to Priority Mode will correctly
return to their normal operating state when a Priority Global Action is used to restore a large number of doors.
To avoid this risk, when you define a Priority Global Action for doors, also define a group of doors containing
all the doors associated with that Priority Global Action, and then to restore the doors to their normal
operating state:
l Navigate to the Doors listing page.
l Filter the list of doors by the group associated with the Priority Global Action.
l Select all the doors in the group.
l Click the Door Action button and select Restore from the drop-down list.
WARNING — Risk of unpredictable results using Priority Global Actions in either a peer-to-peer replication or
hot-standby environment:
l Priority Global Actions executed on one appliance are not mirrored on the other appliance. When a
global action is executed on one appliance, it only affects the doors that are connected to that
appliance.
l While a Priority Global Action is in effect, and there is a failover to the hot-standby appliance, affected
doors can be returned to the mode they normally are in at the current time.
To avoid these risks, use a Priority Door Policy. Priority Door Policies installed on one appliance in either a
peer-to-peer replication or hot-standby environment are mirrored on the other appliance.
Priority Hierarchy
There are three priority levels for door mode changes in the ACM software. Within each level, the possible
actions also have an order of precedence. A change to a door state that has a higher priority and precedence
Commands such as Grant issued directly in the ACM client have the highest priority, and can be activated at
any time. For example, during a lockdown priority situation, when all doors are automatically locked, the
Priority ACM Operator can grant access to specific doors from the Maps page or the Door list page for first
responders.
The above three Medium priority changes supersede each other when
sequentially applied. Any one of them will supersede an Override command.
Override
Macro/Trigger
Base Mode
Door template
To set up a panic button or red card that locks down a door in a high priority situation and releases the locked
door after the lockdown issue is resolved:
1. Add a Policy to trigger the panic button and add another policy to release it.
Example:
Name
2. Panic button only. Choose a method to associate each policy with the subpanel, input or output.
l Add a Global Action to activate the panic button and add another global action to deactivate it.
Associate those actions with the policy by moving them to the Members list.
Example:
Actions tab:
Name Members
3. Red card only. Add a Global Linkage to associate each lockdown policy with an identity and its token
on the Devices, Events and Tokens tabs. Move the input or output, door event and token to the
Members list.
Example:
Devices tab:
Events tab:
Name Members
Tokens tab:
4. When a lockdown situation arises, activate the lockdown policy for the panic button or red card by
pressing the panic button or swiping the red card on the reader, respectively.
5. When the lockdown situation is resolved, deactivate the lockdown policy.
On the Policies list, click next to the lockdown policy.
Example:
Name
Note: Overrides are only supported on Mercury panels using firmware 1.27.1 or later. Your current
version of the ACM software includes compatible firmware you can download to your panels. You
can create up to 100 overrides on a single panel.
Use overrides to apply a temporary one-time change to the normal door mode of a selected set of doors. For
example, to extend or delay opening or closing hours, or for closing on a snow day. Overrides can be
scheduled to take effect immediately, or in advance (for example, for a one-time occurrence such as an all-
access event next week in a normally locked room). When an override ends, the door or doors each return to
the mode they are supposed to be in according to their schedule at that time. Overrides are not recurring. For
almost all purposes, an override should be deleted as soon as it has ended as there is a maximum number of
overrides per panel.
Override functionality is designed to work best with your regular door schedules. Overrides have a medium
priority-level in the ACM priority hierarchy and many higher-priority actions take precedence. For more
information about this hierarchy see Priority Hierarchy on page 467. For example a manual command to a
specific door, or a priority lockdown command to a set of doors, takes precedence. If a priority lockdown
occurs while an override is in effect, the priority lockdown becomes active. After the priority lockdown has
been cleared by the Priority ACM Operator, the override becomes active on the doors if it is still in effect,
otherwise each door returns to its regular schedule for that time.
On Mercury panels using firmware earlier than 1.29, an override starts and ends at the beginning of the
minute of its scheduled time. On Mercury panels using firmware 1.29 or later, an override starts at the
beginning of the minute and ends at the end of the minute of its specified time. Time overlaps are not
supported. For example, you can specify 1:00 - 1:30 and 1:31 - 1:59 overrides.
Important: You can only add an override to doors you are authorized to access that are on the same
ACM server. However, you can modify or delete any override, and your changes will apply to all the
doors in the override, including doors you are not normally authorized to access. If partitioning is
used in your ACM system and you expect users authorized for specific partitions to modify an
override, define individual overrides for each partition rather than a single override that spans
multiple partitions. Otherwise, users can modify overrides that affect doors they cannot see and be
unaware of any changes.
Adding an Override
You add an override by selecting a set of doors on the Door list, clicking the Override control button,
specifying the door mode, and the start and end times of the override.
To add an override:
Note: The Pin Only and Card or Pin door modes are not available if the Allow duplicate PINs
option has been selected on the System Settings - General page.
5. Specify the date and time settings for Start Day/Time and End Day/Time. Both are required. Time is
specified to the minute. On Mercury panels using firmware earlier than 1.29, the override begins and
ends at the beginning of the minute you specify. On Mercury panels using firmware 1.29 or later, an
override starts at the beginning of the minute and ends at the end of the minute of its specified time.
Time overlaps are not supported. For example, you can specify 1:00 - 1:30 and 1:31 - 1:59 overrides.
Tip: To start an override immediately, click Now in the Start Day/Time pop-up window.
Important: The date and time the override is active is based on the settings at the controller
panel for the doors, not the ACM server. If your ACM server is in a time zone ahead of the time
zone of your ACM client and the doors and panels you control, you may see an error message
that the override occurs in the past. You can ignore this error message if your settings in the
local time zone are correct.
You can access a list of all overrides for a specific door from the Doors page.
l A blue disk in the Override column for a door indicates overrides are defined for the door. The disk
has two states:
o : An override is currently active.
o
: An override is defined, but not active. An inactive override can be an override that has been
completed but not deleted, or an override that has not yet started.
l Click the disk to open the Doors: Overrides page listing all the overrides for that door.
Tip: Completed overrides must be manually deleted. Overrides are intended to be temporary
actions for use on an as-needed basis. Most overrides should be deleted as soon as they are
completed and no longer needed. Keep only override definitions that are highly likely to be re-used
as defined, with only the start and end time and date settings modified.
Monitoring Overrides
Use the Maps feature to monitor overrides on doors. When a door that is displayed on a map is included in an
override, the status indicator for the door is updated to display a blue disk. The disk indicates overrides are
defined for the door. The disk has two states:
For example, if an override is active on a door, a solid blue disk is displayed next to the green bar:
1. Click on the override name in the Name column to open the Override: Edit page.
If partitions are used, and doors you cannot see are included in the override "One or more doors in this
override are in partitions you cannot see. These doors will be affected by your changes if you
continue." is displayed. You can modify all the override settings, but only add or remove doors that you
are authorized to see.
2. Make the modifications you need.
l All settings can be modified if partitions are not used in your ACM system.
l In the Doors Selected section, you can add doors to the override by highlighting them in the
Available list and moving them to the Members list.
3. Click Save.
To edit the base settings of any door in the override:
l Click on the door name in the Selected column.
Changes made to the base settings do not take effect until the override expires.
To delete an override:
l
Click .
The time the override is deleted is logged by the system. When an active override is deleted, the door
or doors each return to the mode they are supposed to be in according to their schedule at that time.
Modifying an Override
To modify the override:
1. Select the door action or door mode you want applied to all the doors in the override:
l Disabled — Stops the doors from operating and allows no access.
l Unlocked — Unlocks the doors.
l Locked No Access — Locks the doors.
l Facility Code Only — This door can be accessed using a facility code.
l Card Only — This door can be accessed using a card. No PIN is required. See Appendix:
pivCLASS Configuration on page 529.
l Pin Only — This door can only be accessed by entering a PIN at a keypad. No card is required.
l Card and Pin — This door can only be accessed using both a card and a PIN.
l Card or Pin — This door can be accessed either by entering a PIN at a keypad or by using a
card at the card reader.
Note: The Pin Only and Card or Pin door modes are not available if the Allow duplicate PINs
option has been selected on the System Settings - General page.
Important: If partitions are used, only doors that are not in any partition or are in the partitions
you are authorized to see are displayed in the Doors Selected list.
3. Specify the date and time settings for Start Day/Time and End Day/Time. Both are required. Time is
specified to the minute. On Mercury panels using firmware earlier than 1.29, the override begins and
ends at the beginning of the minute you specify. On Mercury panels using firmware 1.29 or later, an
override starts at the beginning of the minute and ends at the end of the minute of its specified time.
Time overlaps are not supported. For example, you can specify 1:00 - 1:30 and 1:31 - 1:59 overrides.
Tip: To start an override immediately, click Now in the Start Day/Time pop-up window.
Important: The date and time the override is active is based on the settings at the controller
panel for the doors, not the ACM server. If your ACM server is in a time zone ahead of the time
zone of your ACM client and the doors and panels you control, you may see an error message
that the override occurs in the past. You can ignore this error message if your settings in the
local time zone are correct.
6. Click Save.
To set up your personal preferences, select > My Account from the top-right. Navigate through the
tabbed pages and edit the details as required. The tabbed pages include:
l Profile: use this page to edit your account details and preferences.
l Batch Jobs: use this page to view the batch jobs that have been run from your account.
l Job Specification: use this page to add, edit, activate/ deactivate, or delete batch jobs.
3. Click Save.
4. Log out and log back in.
Note: The online help is provided only in English (US), French, German, Italian and Spanish. If
you set your system to a language other than these five languages, English (US) online help will be
the default.
From the Job Specification page, you can create the following batch jobs:
There are no length limits on any batch reports generated in the CSV spreadsheet format. In PDF format, the
Audit Log report is limited to 13,000 records, the Identity Summary Report is limited to 100,000 records, and
the Transaction Report is limited to 50,000 records.
WARNING — Risk of system becoming unusable. Scheduling large reports on separate but overlapping
schedules, may cause memory problems that can result in the ACM system being unusable. To avoid this risk,
schedule the start times for large reports, such as audit logs in any format, to allow for each report to finish
before the next starts.
11. To activate or deactivate this job, select the job and click Activate/Deactivate
After you make changes to an identity profile, the identities previously created from the identity profile are
not automatically updated. Using a job specification and scheduling the job is one of the ways that these
changes can be applied.
Note: A group containing all of the identities previously created from the identity profile must be
created before the changes can be applied to the group. If the required groups have not been
created, contact your System Administrator.
When you choose to create an Identity Update job, you have the option to apply a new, updated or temporary
identity profile to the group.
A temporary door template is one that is applied for a specific period of time (either once or repeating) You
can apply a temporary door template to a group by using the Off Identity Profile option. Once the new identity
profile expires, the original identity profile is applied.
10. To activate or deactivate this job, select the job and click Activate/Deactivate.
Create and schedule a Door Update batch job to apply a new, updated or temporary door template to all of
the doors in a predefined group.
After you make changes to a door template, the doors previously created from the door template are not
automatically updated. Using a job specification and scheduling the job is one of the ways that these changes
can be applied.
When you choose to create a Door Update job, you have the option to apply a new, updated or temporary
door template to the group.
A temporary door template is one that is applied for a specific period of time (either once or repeating). You
can apply a temporary door template to a group by using the Off Door Template option. Once the new door
template expires, the original door template is applied.
Note: The global actions must be created before they can be scheduled. If the required global
actions have not been created, contact your System Administrator.
Note: If you selected an Off Global Action, you will have the option to enter when the Off
action occurs. Otherwise, only the On field is displayed.
8. Click Next.
A summary is displayed.
9. Click Submit to create this job.
10. To activate or deactivate this job, select the job and click Activate/Deactivate.
Note: If you selected an Off Door Mode, you will have the option to enter when the Off action
occurs. Otherwise, only the On field is displayed.
8. Click Next.
A summary is displayed.
9. Click Submit to create this job.
Permissions Rights
Monitor Listing
Spork Search
Maps-Alarms Show
Get Photo
Doors Disable
Doors Unlock
Doors Lock
Doors Restore
Maps Show
Maps Trace
Control the assigned Bosch intrusion panels Bosch Intrusion Area Disarm
Control the assigned DMP intrusion panels DMP Intrusion Area Bypass Instant Arm
Cameras Login
Add new identities. Cannot update fields after initial identity Identities My Account
setup
Identities Listing
Identities Show
Identities New
Identities Create
Identities Edit
Force the identity to change the password at the next login to Force Password Change
the ACM system.
Tokens Show
Tokens New
Tokens Create
Tokens Edit
Tokens Update
REST call to list canned macros by the distinguished name (dn) Canned Macros Show
of the door, input or output
Report Show
Grant Access/Report
Reports New
Reports Create
Reports Destroy
Doors Show
Interlocks Listing
Doors Policy
Firmware Listing
Macro Commands Show
Panels Show
Triggers Listing
Areas Show
Doors New
Doors Edit
Doors Create
Doors Update
Doors Grant
Interlocks New
Interlocks Create
Interlocks Edit
Interlocks Update
Doors Disable
Doors Unlock
Doors Lock
Doors - Reset
Doors Restore
Doors Transactions
Firmware New
Firmware Create
Firmware Apply
Panels Edit
Panels Create
Panels Update
Triggers New
Triggers Edit
Triggers Create
Triggers Update
Area Edit
Area Create
Area Update
Interlocks Delete
Firmware Delete
Panels Delete
Triggers Delete
Events Show
Events Edit
Events Create
Events Update
Roles Show
Policies Listing
Policies Show
Groups Show
Delegations Show
Partitions Show
Roles Edit
Roles Create
Roles Update
Roles Delete
Roles Assign SO
Policies New
Policies Edit
Policies Create
Policies Update
Groups Edit
Groups Create
Groups Update
Delegations Edit
Delegations Create
Delegations Delete
Delete Policies, Groups, Access Groups, Routing Groups, Area Policies Delete
Elevator Access Levels
Door Policies Delete
Policies Delete
Groups Delete
Appliances Show
Routes Listing
Routes Show
Appliances Edit
Appliances Create
Appliances Update
Routes Edit
Routes New
Routes Create
Routes Update
Appliance Log
Appliance Failover
Appliance Failback
Routes Delete
Schedules Show
Holidays Listing
Holidays Show
Schedules Edit
Schedules Create
Schedules Update
Holidays New
Holidays Edit
Holidays Create
Holidays Update
Holidays Delete
View User Fields and User Lists User Defined Tabs Listing
Add and modify User Fields and User Lists User Defined Tabs New
Delete User Fields and User Lists User Defined Tabs Delete
Add and modify badge templates in the Badge Designer Badge Templates New
Badge Template Preview
Exacq Show
Avigilon Show
Exacq Update
Avigilon Update
Certificates Edit
Certificates Listing
Certificates New
Certificates Show
Certificates Update
Maps Show
Maps Edit
Maps Create
Maps Update
Collaboration Show
Collaboration Edit
Collaboration Create
Collaboration Update
View account details, batch jobs, and job specifications Identities MyAccount
Create, edit, and delete batch jobs and job specifications Batch Job Specification Edit
Events
To view events, do one of the following:
l Select Monitor > Events and search for events.
l Select Physical Access > Doors, the door name and then the Transactions tab.
Note: The default event names and event types in this section may be customized in your ACM
application. For more information, see Customizing ACM System Events on page 331.
Appliance Events
Source Type: Appliance
Event Description
System
CPU Load High The five-minute CPU load average across all threads is running at a high
level.
CPU Load Normal The five-minute CPU load average across all threads is running at a low-to-
medium level.
Database Disk Space Low Less than 10% (inclusive) of free disk space is available in the database disk
partition.
Database Disk Space Normal More than 10% of free disk space is available in the database disk partition.
Network Port 1 Link Down The link is down for network port-1 on the appliance.
Network Port 1 Link Normal The link is up for network port-1 on the appliance.
Network Port 2 Link Down The link is down for network port-2 on the appliance.
Network Port 2 Link Normal The link is up for network port-2 on the appliance.
Programs Disk Space Low Less than 5% (inclusive) of free disk space is available in the programs disk
partition.
Programs Disk Space Normal More than 5% of free disk space is available in the programs disk partition.
System Memory Low Less than 10% (inclusive) of system memory (RAM) is available on the
appliance.
System Memory Normal More than 10% of system memory (RAM) is available on the appliance.
Troubleshooting 515
Door Events
When a door is not operating as expected, review the event transactions.
Note: The event transactions depend on events that are sent from locks and devices over various
technologies. Allow time for the events to appear in the ACM application.
Communications
Door service was offline The audit buffer got full before audits could be Control locks, LE, LEB,
before system audit retrieved from the lock. NDE, NDEB, RM, RU
Out of Sync The door is out of sync with the DSR and ACM ASSA ABLOY IP doors
system.
Door held masked A door held masked event occurred. ASSA ABLOY IP doors
Door held open A door held open event occurred. ASSA ABLOY IP doors
and Schlage AD-400,
LE, LEB, LE (RSI mode),
NDE, NDEB, RM, RU
Door held unmasked A door held unmasked event occurred. ASSA ABLOY IP doors
Forced Door
Forced door masked A forced door masked event occurred. ASSA ABLOY IP doors
Forced door unmasked A forced door unmasked event occurred. ASSA ABLOY IP doors
Invalid Credential
Attempt to open Locked Access was attempted when the door mode was ASSA ABLOY IP doors
Door set to Locked No Access.
Duress Detected - Access A duress code was detected at the door, and Mercury doors with PIN
Denied therefore, access was denied. keypad
Expired Card Attempt No access granted when an expired token was ASSA ABLOY IP doors,
swiped at the reader. Control locks, LE, LEB,
NDE, NDEB
For LE, LEB, NDE and NDEB locks. In the
Deactivate Date field, the token expires at the
start of the specified hour. For example, if
17:00:00 is specified, the token expires at
16:00:00.
Invalid Card - Before An invalid card was detected before its activation. Schlage AD-400 and
Activation LE (RSI mode)
Invalid card format An invalid card format occurred. Schlage AD-400 and
LE (RSI mode)
Invalid Card Schedule Access was attempted outside of the allowed Any door
date and timed access for the identity.
Unknown card The swiped card is not known to the door ASSA ABLOY IP doors
because the token was not downloaded. and Schlage AD-400
and LE (RSI mode)
Invalid PIN code has been The card was not granted access to the door due Any door
entered to an invalid PIN code.
Valid card at an A valid card was presented at an unauthorized Schlage AD-400 and
unauthorized reader reader. LE (RSI mode)
Maintenance
Door has been restored The door mode or custom mode has been SALTO online door
restored.
Magnetic Tamper A magnetic tamper event occurred. LE, LEB, NDE, NDEB,
RU, RM
Token capacity exceeded A token cannot be added due to the lock capacity. ASSA ABLOY IP doors,
Schlage ENGAGE locks
Power
Door Critical Battery The battery power supply was running critically ASSA ABLOY IP doors,
low on the device. Control locks, LEB,
NDEB, RM, RU
Door low battery The battery power supply was running low on the ASSA ABLOY IP doors,
device. Control locks, LEB,
NDEB, RM, RU
System
Door has been added For Offline Wi-Fi locks. The lock on the door has LE, LEB, NDEB
been externally commissioned through the
ENGAGE gateway application.
Door has been locked The door has been locked. Any door
Door has been unlocked The door has been unlocked. Any door
Door in card only mode A door in Card Only mode was detected. Schlage AD-400 and
LE (RSI mode)
Escape and Return Unlock The Escape and Return mode is active (Exit SALTO doors with no
Active Leaves Open or Toggle and Exit Leaves Open control unit
door mode).
Escape and Return Unlock The Escape and Return mode is inactive (Exit SALTO doors with no
Inactive Leaves Open or Toggle and Exit Leaves Open control unit
door mode).
Host Rex, Door not used A request to exit was initiated but the door was Schlage AD-400
not used.
Host Rex, Door used A request to exit was initiated and the door was Schlage AD-400
used.
Host Rex, Non-verified A request to exit was initiated (non-verified). Schlage AD-400
Host Rex, Use Pending A request to exit was initiated and door use is Schlage AD-400
pending.
Rex Pressed, Door used The door handle was used. ASSA ABLOY IP,
Mercury Security, HID,
SALTO and Schlage IP
doors; LE (RSI mode)
Tamper
Bluetooth Tamper - Door A Bluetooth configuration device was connected Control locks, LEB,
to the door, which caused the door to disconnect NDEB, RM, RU
from the gateway.
Keyswitch A physical key was used to access the door. ASSA ABLOY IP and
Schlage AD-400
Reader/Device Tamper A tamper event occurred in any of: Control locks, LEB,
NDEB, RM, RU
l The reader or linked device.
l The cover of the crash bar or push bar.
User audit
Door grant request A door grant request was initiated. Schlage AD-400 and
LE (RSI mode)
Valid Credential
Keypad Code Grant The correct access code was entered at the door SALTO online doors
that is configured for Keypad Only door mode.
Invalid key The access code on the key is no longer valid. SALTO online doors
Local Grant Access was granted to an identity that has access Any door
to the door and has swiped the card.
Local Grant - Duress - Not Access was granted to an identity that has access Mercury doors with PIN
Used to the door and has not entered a duress keypad keypad
code or duress PIN during a security situation.
Local Grant - Duress - Used Access was granted to an identity that has access Mercury doors with PIN
to the door and has entered a duress keypad keypad, SALTO online
code or a duress PIN during a security situation. doors
System
Communications
Maintenance
Dogging mechanism failure The latch hook in the push bar did not release and RU
requires intervention by personnel to unlock the door.
Latch mechanism failure The latch bolt did not retract during exit and requires RU, RM
intervention by personnel.
System
Unlock on next exit request The ACM system sent an Unlock on next exit request to RU
the door.
Tamper
Door has been locked The door in DNE state was locked by personnel using the RU, RM
manually hex key.
Door has been unlocked The door was unlocked by personnel using the hex key RU, RM
manually and pressing the push bar.
Door security compromised The latch in the push bar was not extended due to RU, RM
tampering of the closed door.
Unlock on next exit (manual) The latch in the push bar was retracted by personnel RU, RM
using the hex key, which sets up the door to be unlocked
by the next person who presses the push bar.
Intrusion Events
DMP Intrusion Events
Source Type: DMP Intrusion Area, DMP Intrusion Output, DMP Intrusion Panel, DMP Intrusion User, DMP Intrusion Zone
Event Description
DMP Area armed (All areas armed) All areas in the system were armed.
DMP Late to arm The area was armed outside of the schedule assigned to the area.
Event Description
- -
Event Description
DMP * * AMBUSH * * A silent alarm was initiated by a user during an emergency situation.
DMP A.C. power restored The A.C. power was restored to the panel.
DMP ALERT: System recently An alarm message was generated within five minutes of the panel
armed being armed. Informs the central station that the panel was armed
before the alarm occurred.
DMP ALERT: Unauthorized Entry An area was disarmed by a user outside of their scheduled access
time. Access setup is dependent on the hardware model.
DMP Communication line level The panel detected that communication to the cellular tower was
restored restored.
DMP Late to Close The system was not armed at its scheduled closing time.
DMP Lockdown cleared A lockdown was cleared, either using the keypad by a DMP user or
remotely by a Remote LInk user.
DMP Lockdown initiated A lockdown was issued in an emergency situation to lock all doors
designated as public, either using the keypad by a DMP user or
remotely by a Remote Link user.
DMP Receiver EEPROM Error The panel detected an Electronically Erasable Programmable Read
Only Memory (EEPROM) error in equipment, such as a printer or line
card.
DMP Service Code Start A service authorization code was entered by service personnel
before accessing panel operations or programming. An
authenticated code can be used for 30 minutes before requiring
authentication again.
DMP Service Code Stop The service authorization code must be authenticated again (30
minutes have elapsed).
DMP Standby battery restored The panel battery voltage was restored to greater than 12.6 VDC at
the last battery test.
DMP TROUBLE OVERRIDE A system trouble message was acknowledged by a DMP user who
selected OKAY when arming the system.
DMP Telephone line 1 restored The panel detected that its main telephone connection is operational.
DMP Telephone line 2 restored The panel detected that the second telephone line is operational.
DMP WARNING: A.C. power failure The main A.C. power is not present or is less than 85% of the
expected voltage. The warning is sent after the expiration of the
panel programmed delay time.
DMP WARNING: Alarm bell The panel's main bell circuit was silenced by a code entry at a panel
silenced keypad.
DMP WARNING: Low The panel detected that communication to the cellular tower was
communication line level missing for more than 180 seconds.
DMP WARNING: Low standby The standby battery fell below 11.9 VDC. The battery is tested at 15
battery minutes past each hour.
DMP WARNING: Telephone line 1 The panel detected that its main telephone connection is
trouble disconnected or is non-operational.
DMP WARNING: Telephone line 2 The panel detected that the second telephone connection is
trouble disconnected or is non-operational.
Intrusion Panel Command Request A request was generated in the ACM application to update the
intrusion panel, area, zone or output configuration.
DMP ContactID, DMP Equipment Added, DMP Equipment Adjusted, DMP Equipment Removed, DMP
Equipment Repaired, DMP Equipment Replaced, DMP Equipment Test
Event Description
DMP Access denied - anti- Door access in an anti-passback area was denied to a user (an identity
passback in ACM) who did not use the proper door to exit an area they had
previously accessed.
DMP Access denied - armed area Door access to an armed area was denied to a user (an identity in
ACM).
DMP Access denied - inactive Door access was denied to an inactive user (an identity in ACM).
user
DMP Access denied - invalid area Door access was denied to a user (an identity in ACM) trying to access
an area that is not assigned to their user code or profile.
DMP Access denied - invalid Door access was denied to a user (an identity in ACM) using an invalid
code user code, or if the two man (person) rule configuration is enabled, the
second code was not entered or the same code was entered twice.
DMP Access denied - invalid time Door access was denied to a user (an identity in ACM) trying to access
an area at a time that is outside all schedules in all profiles assigned to
the user.
DMP Access denied - invalid user Door access was denied to a user (an identity in ACM) trying to access
level/profile a door that is not enabled in any profile assigned to the user.
DMP Door access Door access was provided to a user (an identity in ACM).
DMP Shift 2 schedule change A shift schedule was changed by a DMP user.
DMP Shift 3 schedule change A shift schedule was changed by a DMP user.
DMP Shift 4 schedule change A shift schedule was changed by a DMP user.
DMP User code added A user code was added by a DMP user.
DMP User code inactive For XR550 only. A user code expired after a period of inactivity.
Event Description
DMP Dirty smoke detector A 'dirty smoke detector' service message was sent for the zone.
DMP Zone alarm A burgulary, carbon monoxide, fire, or generic alarm occurred in a
zone (for example, east warehouse).
DMP Zone failed A 'zone failed' message was sent for the zone.
DMP Zone faulted A 'zone faulted' message was sent for the zone.
DMP Zone force armed A 'zone force armed' message was sent for the zone.
DMP Zone low battery A 'low battery' message was sent for the zone.
DMP Zone missing A 'zone missing' message was sent for the zone.
DMP Zone restored A zone was restored to the expected condition from a bad condition.
DMP Zone tamper A 'zone tamper' message was sent for the zone (for example, a
wireless keypad tamper).
DMP Zone trip count The number of zone trips was sent for the zone.
DMP Zone trouble A 'zone trouble' message was sent for the zone (for example, a
wireless keypad tamper).
DMP Zone verified A 'zone verify' message was sent for the zone.
Panel Events
Source Type: Panel
Communications
Maintenance
Maximum panel schedule The maximum number of schedules configured ASSA ABLOY DSR,
count exceeded for a panel has been exceeded. Mercury Security panel,
SALTO server, Schlage
For Mercury Security and ASSA ABLOY IP-
ENGAGE gateway
enabled doors, the limit is 255 schedules. For
(IP and RSI mode)
Schlage IP/PoE mode doors, the limit is 16
intervals in all schedules combined. For SALTO
doors, the limit is 1024 schedules.
Panel Firmware Download A panel firmware download request has started Mercury Security panel
Started in the ACM application.
Panel Full Parameter A panel parameter download request has Mercury Security panel
Download Started started in the ACM application.
Panel Full Token Download A panel token download request has started in SALTO server
Started the ACM application.
Panel sync request A panel sync request has completed in the ACM SALTO server
completed application.
Panel sync request started A panel sync request has started (and not SALTO server
completed yet) in the ACM application.
Tamper
Panel transaction limit The maximum number of transactions Mercury Security panel
reached configured for the subpanel was reached.
User Audit
Key Assignment completed A key was assigned to a token in the ACM system. SALTO doors
Key Assignment started A key assignment to a token was started in the SALTO doors
ACM system.
Key Update completed A key update was completed in the ACM system. SALTO doors
Key Update started A key update was started in the ACM system. SALTO doors
Subpanel Events
Source Type: Subpanels
Communications
System Events
Source Type: System
Event Description
CSR Created An SSL certificate signing request (CSR) was created in the ACM application.
Expired Transactions The expired transactions were removed from the appliance when the
Removed threshold was reached. For more information, see the Max Days Stored
setting.
New Cert Generated A new SSL certificate was generated in the ACM application.
New Cert Taken Into Use A new SSL certificate was applied to the appliance.
New Cert Uploaded - Failure The new SSL certificate was not uploaded to the appliance.
New Cert Uploaded - The new SSL certificate was uploaded to the appliance.
Success
Transaction log exceeded The transactions stored in the appliance have exceeded 85% of the
85% maximum stored transactions threshold.*
Transaction log exceeded The transactions stored in the appliance have exceeded 95% of the
95% maximum stored transactions threshold.*
Transaction log exceeded The transactions stored in the appliance were purged. For more information,
threshold see the Max Stored Transactions setting.*
Note: Enabling the appliance logs requires these delegations: Appliance Log, Appliance Log
Download, Appliance Log Show, and Appliance Log Update. Contact your support representative to
enable the Debug checkbox, if needed.
3. Click .
Note: Refer to this information only if you are installing ACM and are required to use the Federal
Information Processing Standard (FIPS) 140-2 certified cryptographic module and pivCLASS solution
for FIPS 201-2 certified sites.
Overview
This section is intended for ACM operators who are using the pivCLASS application, authentication module
(PAM) and pivCLASS readers to validate the authenticity of Personal Identification Verification (PIV) and PIV-
Interoperable (PIV-I) cards. The NIST cryptographic functionality enables ACM™ system to comply with FIPS
140-2 requirements.
The FIPS-certified crytographic module and pivCLASS readers are supported on all ACM platforms.
Prerequisites
Partners who install the pivCLASS application, authentication module (PAM) and pivCLASS readers are
recommended to take pivCLASS software and public key infrastructure (PKI) at the door certification training.
For more information, see Genuine HID Academy Learning Center.
Note: The panel cannot be reconfigured after this setting is selected. To accept any other card
format other than large formats, delete it and re-add it to the ACM system.
Enabling Large Encoded Card Format and Embedded Authorization on Panels 530
Updating Firmware
To update the firmware of the Mercury LP4502 panel:
1. On the Panels list, select the panel and then on the Status tab, click Firmware.
2. To add support for the authentication module on the panel, install the pivCLASS-Embedded-Auth_
Pkg_05_10_27_#145.crc firmware version.
To remove the authentication module from the panel, install the pivCLASS-Embedded-Auth-
Removal_Pkg_01_00_00_#14.crc firmware version.
3. To verify the installation of the firmware, review the panel status page which shows the name and
version of the pivCLASS package along with the authentication module and firmware versions.
4. For pivCLASS embedded AAM for Mercury LP4502 only. After the firmware is installed, you must
configure communication between the panel and pivCLASS service. For more information about
configuring the pivCLASS-Embedded-Auth fields on the Configuration Manager for the panel, refer to
Mercury documentation.
Adding Doors
When adding a door with pivCLASS embedded AAM for the Mercury LP4502 model, do the following:
l Ensure the Name field is updated as follows. If your site uses pivCLASS-compliant credentials to
authenticate credentials, the Name of the door that you enter in the ACM system must match the
reader name entered in the Description field of the reader in the pivCLASS registration system. Before
adding doors, ensure you that you know the reader name entered in the pivCLASS registration
system, as they must be identical. For more information about pivCLASS-compliant registration
software, refer to pivCLASS documentation.
l Select the LP4502 panel name in the Panel field.
l Ensure the Assurance Profile field is updated as follows.
For LP4502 with AAM only; does not appear for external PAM. Select a pivCLASS security level
appropriate for the pivCLASS compliant door at the site; for example, CAK (PIV).
Each profile refers to a protected area that is defined by NIST SP 800-116, titled "A Recommendation
for the Use of PIV Credentials in PACS," and is secured by an identification method in accordance with
the FIPS 201 standard, titled "Personal Identity Verification (PIV) of Federal Employees and
Contractors."
For more information about each authentication method, refer to pivCLASS Service documentation.
l To support the selected Assurance Profile for a pivCLASS configured door, it is recommended to set
the Door Mode to Card Only. Note also, the Disabled, Unlocked and Locked No Access door actions
supercede the Assurance Profile.
Note: It recommended to specify a Baud Rate that is higher than the default 9600 (default) rate and
to lower the baud rate, if reader issues occur. In addition, end users should hold the pivCLASS card
on the pivCLASS reader for more than 5 seconds for smooth operation.
Note: ACM identity management is not used to create pivCLASS users. However, you can view
identities and their tokens. You must use the pivCLASS registration system to add these identities in
the ACM system. For more information about using pivCLASS-compliant registration software to add
identities to the ACM system, refer to pivCLASS documentation. After these identities have been
added, they can be searched, edited and modified to provide physical and logical access. If
necessary, you can produce and print badges, assign to groups, roles, delegations, and so on, as
you can for any other identity.
When viewing a token for an identity the following fields are read-only:
l The Token Type field displays PIV for a Personal Identification Verification (PIV) card for government
employees or PIV-I for a PIV-Interoperable (PIV-I) card for government contractors.
l For PIV-I card only. The CHUID field displays the Card Holder Unique Identifier of the PIV-I card.
Monitoring Events
You can monitor pivCLASS events on the Monitor Events page.
Note: pivCLASS events may be configured from Physical Access > Events and searching on Name:
contains pivCLASS.
2-person control
Under this rule, all access and actions requires the presence of two authorized
people at all times. Two people are necessary to either enter or exit a door.
ACM
Badge template
The format designed for a user badge on which information from the Identities
feature is placed. Templates are designed using the Badge Designer.
BLE
CHUID
CoS
Change of State
Debounce
Glossary 533
suppress the "bouncing", the controller software is designed to anticipate it. This is
known as "debouncing a switch".
dogging
The action of turning the hex key and pressing the push bar to retract the latchbolt,
which unlocks the perimeter door on the outside and allows a person to enter the
building. Can be done remotely or manually.
Door contacts
Input devices that detect changes in door position. This is generally done by
measuring resistance across a circuit connecting part of the door jamb to the door
itself. If the door is opened, the resistance drops.
DPOS
Door position switch. These input devices are more commonly called door
contacts.
EOL
End-Of-Line (EOL) are resistors that supervise the wiring between the alarm panel
and the switch. Preset resistance levels must be maintained at input points or an
alarm event is triggered.
Failover
FAS-N
FIPS
Glossary 534
methods. Only Mercury LP-series controllers with NIST certificate #2389 support
the cryptographic module. Compliance requirements include: FIPS Publication 140-
2 — a U.S. government computer security standard for approving cryptographic
modules, titled "Security Requirements for Cryptographic Modules"; FIPS
Publication 201-2 — a U.S. government standard for identifying federal government
personnel, titled "Personal Identity Verification (PIV) of Federal Employees and
Contractors."
Flow control
The process of managing the rate of data transmission between two nodes
to prevent a fast sender from over running a slow receiver.
Interlock
LDAP
Mag Lock
Magnetic locks work only with DC current, usually 12 to 24 volts. Never connect a
magnetic lock to AC current of any voltage. All magnetic locks are fail safe. This
means that they need a constant source of current to remained locked. If power is
removed the lock will open. If this is a concern use a back-up power supply. All
magnetic locks are silent even when powered and locked. 300 pound pull
magnetic locks work well in light duty installations such as cabinetry.
Glossary 535
N
Netmask
In administering Internet sites, a netmask is a string of 0's and 1's that mask or
screen out the network part of an IP address(IP) so that only the host computer part
of the address remains. The binary 1's at the beginning of the mask turn the network
ID part of the IP address into 0's. The binary 0's that follow allow the host ID to
remain. A frequently-used netmask is 255.255.255.0. (255 is the decimal
equivalent of a binary string of eight ones.) Used for a Class C subnet (one with up
to 255 host computers), the \".0\" in the \"255.255.255.0\" netmask allows the
specific host computer address to be visible.
NIST
PACS
Physical Access Control System. An access control solution for securing people,
property and assets. ACM is a PACS.
Panel
Panels are controllers that connect to one or more doors (door controllers) and their
associated readers, inputs, and outputs.
PIV
PIV-I
Glossary 536
Postgres
redundancy
see Failover
Replication
The process of copying and synchronizing the LDAP database between two or
more appliances so that they share the same configuration information.
REX
Request to exit. REX devices include crash bars and exit buttons.
RQE
RTN
Return to normal. This is normally associated with an event that effectively cancels
an original event. For example, a door open too long event is canceled by a door
closed RTN.
SCP
Secure Copy Protocol is the most basic backup protocol and does not require much
adjustment before it can work properly. It can work effectively on Linux and other
Unix-like systems. To start work, its enough to install the SCP program on the server
and establish the connection.
SFTP
Secure File Transfer Protocol is a network protocol that provides file management
functionality over any reliable data stream. This protocol assumes that it is run over
a secure channel, such as Secure Shell Protocol (SSH), that the server has already
Glossary 537
authenticated the client, and that the identity of the client user is available to the
protocol.
SMTP
Simple Mail Transfer Protocol (SMTP) is an Internet standard for electronic mail (e-
mail) transmission across Internet Protocol (IP) networks.
SNMP
Strike
Electric strikes are often used for "buzz in" types of systems. Electric strikes come in
many varieties. They can be 12 or 24 volts or even higher voltage and they may
take AC or DC current and some even take both. They may be fail safe or fail
secure. A fail safe electric strike needs power to keep it locked. A fail secure
electric strike stays locked even without power. The most common by far is a fail
secure.
Subpanels
If your system supports a hierarchical structure, subpanels are specialty panels that
are controlled by a primary panel. One primary panel can be connected to a large
number of specialty subpanels, incorporating an array of devices such as single and
multiple door modules, keypads, input modules and output modules.
TLS
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are
cryptographic protocols which are designed to provide communication security
over the Internet.
Token
The entry data required to enable an employee or visitor to access a location. This
typically includes a PIN number and, if a physical badge or keycard is required, a
number on the card.
Glossary 538
U
undogging
The action of turning the hex key and releasing the push bar to extend the
latchbolt, which locks the perimeter door on the outside and prevents a person
from entering the building. Can be done remotely or manually.
Glossary 539